{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-8381", "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "state": "PUBLISHED", "assignerShortName": "TV", "dateReserved": "2026-05-12T08:47:56.307Z", "datePublished": "2026-05-22T08:29:16.451Z", "dateUpdated": "2026-05-22T08:29:16.451Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "shortName": "TV", "dateUpdated": "2026-05-22T08:29:16.451Z"}, "title": "Broken Access Control in TeamViewer DEX Platform (On Premises)", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-862", "description": "CWE-862 \u2013 Missing Authorization", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "affected": [{"vendor": "TeamViewer", "product": "DEX (On-premises)", "versions": [{"status": "affected", "version": "0", "lessThan": "9.2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A broken access\ncontrol vulnerability exists in the TeamViewer DEX Platform (On\u2011Premises) prior version 9.2. Certain backend API endpoints do not\ncorrectly enforce authorization checks, allowing an authenticated user with low\nprivileges to perform actions and access resources intended only for higher\u2011privileged roles.\u00a0An attacker with\nlow\u2011privileged credentials may exploit\nthis to gain unauthorized access to administrative or sensitive functionality.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A broken access\ncontrol vulnerability exists in the TeamViewer DEX Platform (On\u2011Premises) prior version 9.2. Certain backend API endpoints do not\ncorrectly enforce authorization checks, allowing an authenticated user with low\nprivileges to perform actions and access resources intended only for higher\u2011privileged roles.&nbsp;<span>An attacker with\nlow</span><span>\u2011</span><span>privileged credentials may exploit\nthis to gain unauthorized access to administrative or sensitive functionality.</span></p>"}]}], "references": [{"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1005/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "Update to the\nlatest version (9.2 or the latest version available).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Update to the\nlatest version (9.2 or the latest version available).</p>"}]}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A broken access\ncontrol vulnerability exists in the TeamViewer DEX Platform (On\u2011Premises) prior version 9.2. Certain backend API endpoints do not\ncorrectly enforce authorization checks, allowing an authenticated user with low\nprivileges to perform actions and access resources intended only for higher\u2011privileged roles.\u00a0An attacker with\nlow\u2011privileged credentials may exploit\nthis to gain unauthorized access to administrative or sensitive functionality."}], "id": "CVE-2026-8381", "lastModified": "2026-05-22T09:16:32.743", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@teamviewer.com", "type": "Secondary"}]}, "published": "2026-05-22T09:16:32.743", "references": [{"source": "psirt@teamviewer.com", "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1005/"}], "sourceIdentifier": "psirt@teamviewer.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "psirt@teamviewer.com", "type": "Secondary"}]}

{}

{"created": "2026-05-22T09:30:32.111881+00:00", "updated": "2026-05-22T09:30:32.111902+00:00", "vendors": []}