CVE-2026-8381

{"id": "CVE-2026-8381", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-8381", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-22T13:45:22.203910Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@teamviewer.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "affected": [{"source": "psirt@teamviewer.com", "affectedData": [{"vendor": "TeamViewer", "product": "DEX (On-premises)", "versions": [{"status": "affected", "version": "0", "lessThan": "9.2", "versionType": "custom"}], "defaultStatus": "unaffected"}]}], "published": "2026-05-22T09:16:32.743", "references": [{"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1005/", "source": "psirt@teamviewer.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@teamviewer.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "A broken access\ncontrol vulnerability exists in the TeamViewer DEX Platform (On\u2011Premises) prior version 9.2. Certain backend API endpoints do not\ncorrectly enforce authorization checks, allowing an authenticated user with low\nprivileges to perform actions and access resources intended only for higher\u2011privileged roles.\u00a0An attacker with\nlow\u2011privileged credentials may exploit\nthis to gain unauthorized access to administrative or sensitive functionality."}], "lastModified": "2026-06-17T11:03:51.987", "sourceIdentifier": "psirt@teamviewer.com"}