SB20260205111 - Improper authorization in TeamViewer Full and Host clients



SB20260205111 - Improper authorization in TeamViewer Full and Host clients

Published: February 5, 2026

Security Bulletin ID SB20260205111
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper authorization (CVE-ID: CVE-2026-23572)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to bypass authorization checks.

The vulnerability exists due to improper authorization checks when "Allow after confirmation" option is selected. A remote authenticated user can bypass additional access control and gain access to the system without an additional user consent. 

Note, the attacker needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability.


Remediation

Install update from vendor's website.