{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23564","assignerOrgId":"13430f76-86eb-43b2-a71c-82c956ef31b6","state":"PUBLISHED","assignerShortName":"TV","dateReserved":"2026-01-14T13:54:40.322Z","datePublished":"2026-01-29T08:43:43.799Z","dateUpdated":"2026-01-29T16:53:10.746Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["Content Distribution Service","NomadBranch.exe"],"platforms":["Windows"],"product":"DEX","vendor":"TeamViewer","versions":[{"lessThan":"26.1","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Threat Hunt Team of Bank of America"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive information.</span>"}],"value":"A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive information."}],"impacts":[{"capecId":"CAPEC-220","descriptions":[{"lang":"en","value":"CAPEC-220 Client-Server Protocol Manipulation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-319","description":"CWE-319 Cleartext Transmission of Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"13430f76-86eb-43b2-a71c-82c956ef31b6","shortName":"TV","dateUpdated":"2026-01-29T08:43:43.799Z"},"references":[{"url":"https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update the TeamViewer DEX Client (1E Client) to the latest available version."}],"value":"Update the TeamViewer DEX Client (1E Client) to the latest available version."}],"source":{"discovery":"UNKNOWN"},"title":"Transmission of Unencrypted Data in Content Distribution Service","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-29T15:57:06.915459Z","id":"CVE-2026-23564","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-29T16:53:10.746Z"}}]}}