CVE-2026-23563 - Vulnerability Details - OpenCVE

Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/

History

Thu, 29 Jan 2026 09:00:00 +0000

Type	Values Removed	Values Added
Description		Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes.
Title		Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction
Weaknesses		CWE-59
References		https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/
Metrics		cvssV3_1 `{'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: TV

Published: 2026-01-29T08:39:56.105Z

Updated: 2026-01-29T08:39:56.105Z

Reserved: 2026-01-14T13:54:40.321Z

Link: CVE-2026-23563

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-29T09:16:03.793

Modified: 2026-01-29T09:16:03.793

Link: CVE-2026-23563

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23563", "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "state": "PUBLISHED", "assignerShortName": "TV", "dateReserved": "2026-01-14T13:54:40.321Z", "datePublished": "2026-01-29T08:39:56.105Z", "dateUpdated": "2026-01-29T08:39:56.105Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["1E Client"], "platforms": ["Windows"], "product": "DEX", "vendor": "TeamViewer", "versions": [{"lessThan": "26.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lockheed Martin Red Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Link Resolution Before File Access (invoked by 1E\u2011Explorer\u2011TachyonCore\u2011DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low\u2011privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes."}], "value": "Improper Link Resolution Before File Access (invoked by 1E\u2011Explorer\u2011TachyonCore\u2011DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low\u2011privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes."}], "impacts": [{"capecId": "CAPEC-132", "descriptions": [{"lang": "en", "value": "CAPEC-132 Symlink Attack"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "shortName": "TV", "dateUpdated": "2026-01-29T08:39:56.105Z"}, "references": [{"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."}], "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."}], "source": {"discovery": "UNKNOWN"}, "title": "Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}