CVE-2026-23568 - Vulnerability Details - OpenCVE

An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/

History

Thu, 29 Jan 2026 09:00:00 +0000

Type	Values Removed	Values Added
Description		An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation.
Title		Out-of-bounds read vulnerability in Content Distribution Service
Weaknesses		CWE-125
References		https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: TV

Published: 2026-01-29T08:48:17.551Z

Updated: 2026-01-29T08:48:17.551Z

Reserved: 2026-01-14T13:54:40.322Z

Link: CVE-2026-23568

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-29T09:16:04.473

Modified: 2026-01-29T09:16:04.473

Link: CVE-2026-23568

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23568", "assignerOrgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "state": "PUBLISHED", "assignerShortName": "TV", "dateReserved": "2026-01-14T13:54:40.322Z", "datePublished": "2026-01-29T08:48:17.551Z", "dateUpdated": "2026-01-29T08:48:17.551Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Content Distribution Service", "NomadBranch.exe"], "platforms": ["Windows"], "product": "DEX", "vendor": "TeamViewer", "versions": [{"lessThan": "26.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Threat Hunt Team of Bank of America"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation."}], "value": "An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "13430f76-86eb-43b2-a71c-82c956ef31b6", "shortName": "TV", "dateUpdated": "2026-01-29T08:48:17.551Z"}, "references": [{"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."}], "value": "Update the TeamViewer DEX Client (1E Client) to the latest available version."}], "source": {"discovery": "UNKNOWN"}, "title": "Out-of-bounds read vulnerability in Content Distribution Service", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}