Improper authorization in TeamViewer products - CVE-2026-23572

 


Published: February 5, 2026


Vulnerability identifier: #VU122420
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-23572
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: TeamViewer
Affected software:
TeamViewer Remote Host for Windows
TeamViewer Remote Full Client for Windows
TeamViewer Full Client for Linux
TeamViewer Full Client for macOS
TeamViewer Host for Linux
TeamViewer Host for macOS

Detailed vulnerability description

The vulnerability allows a remote user to bypass authorization checks.

The vulnerability exists due to improper authorization checks when the "Allow after confirmation" option is selected. A remote authenticated user can bypass the additional access control and gain access to the system without additional user consent.

Note: as a prerequisite to exploiting this vulnerability, the attacker needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access.


How to mitigate CVE-2026-23572

Install updates from the vendor's website.
