CVE-2026-23566 MEDIUM

CVE-2026-23566: Log Injection in Content Distribution Service UDP Handler

Vendor Teamviewer
Product DEX
Weakness CWE-20 · Input validation
Published January 29, 2026
Last update January 29, 2026

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via crafted data sent to the UDP network handler. This can impact log integrity and nonrepudiation.

Key dates

02Disclosure timeline

January 29, 2026 CVE published
January 29, 2026 Record updated