CVE-2026-23570 | THREATINT

Description

A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged or nonsensical datetime prefixes and compromising log integrity and forensic correlation.

PUBLISHED Reserved 2026-01-14 | Published 2026-01-29 | Updated 2026-01-29 | Assigner TV

MEDIUM: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-20 Improper Input Validation

Product status

Default status

unaffected

Any version before 26.1

affected

Credits

Threat Hunt Team of Bank of America finder

References

www.teamviewer.com/...enter/security-bulletins/tv-2026-1001/

cve.org (CVE-2026-23570)

nvd.nist.gov (CVE-2026-23570)

Download JSON