Lack of Server-side validation in Instruction Input in TeamViewer DEX...

6.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Description

A command
injection vulnerability was discovered in TeamViewer DEX Platform On-Premises
(former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows
authenticated users with at least questioner privileges to inject commands in specific
instructions. Exploitation could lead to execution of elevated commands on
devices connected to the platform.

Basic Information

ID CVE-2026-2695

Source TV

Published May 13, 2026 at 16:09

Modified May 13, 2026 at 17:45

Affected Product

Vendor TeamViewer

Product DEX (On-Premises)

Affected Versions TeamViewer DEX (On-Premises) 0

CWE Classification

CWE-20

References

www.teamviewer.com /de/resources/trust-center/security-bulletins/tv-2026-1004/

{
    "lastseen": "",
    "description": "A command\ninjection vulnerability was discovered\u00a0in TeamViewer DEX Platform On-Premises\n(former 1E DEX Platform On-Premises) prior to version 9.2.\u00a0Improper input validation allows\nauthenticated users with at least questioner privileges to inject commands in specific\ninstructions. Exploitation could lead to execution of elevated commands on\ndevices connected to the platform.",
    "published": "2026-05-13T16:09:08.776Z",
    "modified": "2026-05-13T17:45:24.249Z",
    "type": "cve",
    "title": "Lack of Server-side validation in Instruction Input in TeamViewer DEX Platform (On-Premises)",
    "source": "TV",
    "references": "https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2026-1004/",
    "id": "CVE-2026-2695",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "TeamViewer DEX (On-Premises) 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DEX (On-Premises)",
    "version": "0",
    "vendor": "TeamViewer",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Lack of Server-side validation in Instruction Input in TeamViewer DEX Platform (On-Premises)_CVE-2026-2695