TeamViewer has fixed a security vulnerability that allowed logged-in users to access a system under certain conditions without first obtaining local permissions.
The company described the vulnerability in a security bulletin. The problem has now been resolved with a software update. According to TeamViewer, the issue involved insufficient access controls in the Full and Host clients for Windows, macOS, and Linux. This shortcoming allowed bypassing additional security measures that normally apply only after explicit confirmation during an active remote session.
In such a scenario, access to the system could occur before the user on the other end approved it locally. However, exploitation required that the attacker was already authenticated within TeamViewer.
The vulnerability is registered under CVE-2026-23572 and has a CVSS score of 7.2. TeamViewer therefore classifies the vulnerability as high risk. The company considers all versions of TeamViewer Full and TeamViewer Host older than version 15.74.5 to be vulnerable. TeamViewer states that updating to version 15.74.5 or newer completely resolves the issue. It advises users and organizations to implement this update as soon as possible.
Temporary mitigations and context
As a temporary measure for environments where immediate updating is not possible, TeamViewer recommends activating stricter settings for incoming connections, under which system control is permitted only after explicit confirmation. At the same time, the bulletin shows that this control was part of the circumventable security, underscoring the importance of timely patching.
TeamViewer reports that there are currently no indications that the vulnerability has been actively exploited. However, the incident fits into a broader series of security reports surrounding the company.
In mid-December, TeamViewer was also in the news for security issues in its PC management solution, TeamViewer DEX. These vulnerabilities affected both the software-as-a-service variant and on-premises installations and allowed the execution of unwanted commands and the installation of malware, or the access to protected information, according to Heise.de.