Command Injection Vulnerability in TeamViewer DEX Platform On-Premises
CVE-2026-2695

6.3MEDIUM

Key Information:

Vendor: Teamviewer
Status: Dex (on-premises)
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-2695?

A command injection vulnerability exists in TeamViewer's DEX Platform On-Premises prior to version 9.2. This flaw arises from inadequate input validation, allowing authenticated users, specifically those with questioner privileges, to inject malicious commands. Successful exploitation of this vulnerability can enable an attacker to execute unauthorized commands on devices connected to the platform, thereby compromising system integrity and security.

Affected Version(s)

DEX (On-Premises) 0 < 9.2

References

https://www.teamviewer.com/de/resources/trust-center/secu...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Feb 18, 2026

Credit

Lockheed Martin Red Team

CVE-2026-2695 Data

JSON