{"api_version":"1","generated_at":"2026-06-04T13:00:00+00:00","cve":"CVE-2026-8381","urls":{"html":"https://cve.report/CVE-2026-8381","api":"https://cve.report/api/cve/CVE-2026-8381.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-8381","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-8381"},"summary":{"title":"Broken Access Control in TeamViewer DEX Platform (On Premises)","description":"A broken access\ncontrol vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior to version 9.2. Certain backend API endpoints do not\ncorrectly enforce authorization checks, allowing an authenticated user with low\nprivileges to perform actions and access resources intended only for higher‑privileged roles. An attacker with\nlow‑privileged credentials may exploit\nthis to gain unauthorized access to administrative or sensitive functionality.","state":"PUBLISHED","assigner":"TV","published_at":"2026-05-22 09:16:32","updated_at":"2026-05-22 09:16:32"},"problem_types":["CWE-862","CWE-862 CWE-862 – Missing 
Authorization"],"metrics":[{"version":"3.1","source":"psirt@teamviewer.com","type":"Secondary","score":"5.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1005/","name":"https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1005/","refsource":"psirt@teamviewer.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-8381","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8381","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"TeamViewer","product":"DEX (On-premises)","version":"affected 9.2 custom","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Update to the\nlatest version (9.2 or the latest version 
available).","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"8381","cve":"CVE-2026-8381","epss":"0.000330000","percentile":"0.102660000","score_date":"2026-05-28","updated_at":"2026-05-29 00:13:16"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-8381","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-22T13:45:22.203910Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-22T13:45:33.655Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"DEX (On-premises)","vendor":"TeamViewer","versions":[{"lessThan":"9.2","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>A broken access\ncontrol vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior to version 9.2. Certain backend API endpoints do not\ncorrectly enforce authorization checks, allowing an authenticated user with low\nprivileges to perform actions and access resources intended only for higher‑privileged roles.&nbsp;<span>An attacker with\nlow</span><span>‑</span><span>privileged credentials may exploit\nthis to gain unauthorized access to administrative or sensitive functionality.</span></p>"}],"value":"A broken access\ncontrol vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior to version 9.2. Certain backend API endpoints do not\ncorrectly enforce authorization checks, allowing an authenticated user with low\nprivileges to perform actions and access resources intended only for higher‑privileged roles. 
An attacker with\nlow‑privileged credentials may exploit\nthis to gain unauthorized access to administrative or sensitive functionality."}],"impacts":[{"capecId":"CAPEC-122","descriptions":[{"lang":"en","value":"CAPEC-122 Privilege Abuse"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862 – Missing Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-22T08:29:16.451Z","orgId":"13430f76-86eb-43b2-a71c-82c956ef31b6","shortName":"TV"},"references":[{"url":"https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1005/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Update to the\nlatest version (9.2 or the latest version available).</p>"}],"value":"Update to the\nlatest version (9.2 or the latest version available)."}],"source":{"discovery":"UNKNOWN"},"title":"Broken Access Control in TeamViewer DEX Platform (On Premises)","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"13430f76-86eb-43b2-a71c-82c956ef31b6","assignerShortName":"TV","cveId":"CVE-2026-8381","datePublished":"2026-05-22T08:29:16.451Z","dateReserved":"2026-05-12T08:47:56.307Z","dateUpdated":"2026-05-22T13:45:33.655Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-22 09:16:32","lastModifiedDate":"2026-05-22 09:16:32","problem_types":["CWE-862","CWE-862 CWE-862 – Missing 
Authorization"],"metrics":{"cvssMetricV31":[{"source":"psirt@teamviewer.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"8381","Ordinal":"1","Title":"Broken Access Control in TeamViewer DEX Platform (On Premises)","CVE":"CVE-2026-8381","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"8381","Ordinal":"1","NoteData":"A broken access\ncontrol vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior to version 9.2. Certain backend API endpoints do not\ncorrectly enforce authorization checks, allowing an authenticated user with low\nprivileges to perform actions and access resources intended only for higher‑privileged roles. An attacker with\nlow‑privileged credentials may exploit\nthis to gain unauthorized access to administrative or sensitive functionality.","Type":"Description","Title":"Broken Access Control in TeamViewer DEX Platform (On Premises)"}]}}}