#VU122420 Improper authorization in TeamViewer products - CVE-2026-23572

 


Published: February 5, 2026


Vulnerability identifier: #VU122420
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-23572
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
TeamViewer Remote Host for Windows
TeamViewer Remote Full Client for Windows
TeamViewer Full Client for Linux
TeamViewer Full Client for macOS
TeamViewer Host for Linux
TeamViewer Host for macOS
Software vendor:
TeamViewer

Description

The vulnerability allows a remote user to bypass authorization checks.

The vulnerability exists due to improper authorization checks when the "Allow after confirmation" option is selected. A remote authenticated user can bypass the additional access control and gain access to the system without additional user consent.

Note that, as a prerequisite for exploiting this vulnerability, the attacker must be authenticated for the remote session via ID/password, Session Link, or Easy Access.


Remediation

Install updates from the vendor's website.

External links