TeamViewer: Vulnerability allows access without prior confirmation
In TeamViewer, attackers can bypass access controls and gain access without prior confirmation.
A security vulnerability has been discovered in TeamViewer that allows authenticated attackers to access resources before local confirmation. Updated software packages are available to fix the vulnerability. IT administrators using TeamViewer should update promptly.
TeamViewer warns about the vulnerability in a security bulletin. “Insufficient access controls in TeamViewer Full and Host clients for Linux, macOS, and Windows allow authenticated users to bypass additional access controls via 'Allow after confirmation' in a remote support session. If successfully exploited, unauthorized access can occur before local confirmation,” explains TeamViewer (CVE-2026-23572, CVSS 7.2, risk “high”).
TeamViewer Full for Linux, macOS, and Windows, as well as TeamViewer Host for Linux, macOS, and Windows prior to version 15.74.5, are affected. Updating to this or newer versions closes the security vulnerability, according to TeamViewer. So far, according to TeamViewer, no attacks exploiting the vulnerability are known.
Temporary Countermeasure
Additionally, TeamViewer states that, as a workaround, administrators can enable the option “Control this computer – Allow after Confirmation.” The option can be found in the settings under “Advanced Options” – “Advanced Options for Connections to this Computer”, or it can be set via the policy “Access Control (Incoming Connections)”. This advice raises doubts, since the security vulnerability itself consists of authenticated attackers being able to bypass this access control.
In mid-December, security vulnerabilities in the PC management software TeamViewer DEX became known. Several security issues impacted the software-as-a-service version and on-premises installations equally. The vulnerabilities allowed the execution of injected commands and malicious code, as well as access to protected information.
(dmk)