CVE-2026-23563 MEDIUM

CVE-2026-23563: Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction

Vendor Teamviewer
Product DEX
Weakness CWE-59
Published January 29, 2026
Last update January 29, 2026

CVSS base score

5.7/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes.

Key dates

02Disclosure timeline

January 29, 2026 CVE published
January 29, 2026 Record updated