
"The problem has now been resolved with a software update. According to TeamViewer, the issue involved insufficient access controls in the Full and Host clients for Windows, macOS, and Linux. This shortcoming allowed bypassing additional security measures that normally apply only after explicit confirmation during an active remote session. In such a scenario, access to the system could occur before the user on the other end approved it locally. However, exploitation required that the attacker was already authenticated within TeamViewer."
"The vulnerability is registered under CVE-2026-23572 and has a CVSS score of 7.2. TeamViewer therefore classifies the vulnerability as high risk. The company considers all versions of TeamViewer Full and TeamViewer Host older than version 15.74.5 to be vulnerable. TeamViewer states that updating to version 15.74.5 or newer completely resolves the issue. It advises users and organizations to implement this update as soon as possible."
"As a temporary measure for environments where immediate updating is not possible, TeamViewer recommends activating stricter settings for incoming connections, under which system control is permitted only after explicit confirmation. At the same time, the bulletin shows that this control was part of the circumventable security, underscoring the importance of timely patching. TeamViewer reports that there are currently no indications that the vulnerability has been actively exploited. However, the incident fits into a broader series of security reports surrounding the company."
TeamViewer fixed an access-control vulnerability that allowed logged-in users to access a system under certain conditions before the user on the other end had approved it locally. The flaw affected Full and Host clients on Windows, macOS, and Linux and permitted bypassing security measures that normally require explicit confirmation during an active remote session. Exploitation required the attacker to be authenticated within TeamViewer. The issue is tracked as CVE-2026-23572 with a CVSS score of 7.2 and is classified as high risk. Versions older than 15.74.5 are vulnerable; updating to 15.74.5 or newer resolves the issue. Tightening incoming-connection settings is a temporary mitigation while patching is applied.
Read at Techzine Global
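For teams triaging a fleet against the 15.74.5 threshold, the following added example (not from TeamViewer or the article) classifies hosts from an asset-inventory export. The CSV layout, host names and column names are constructed assumptions; versions are compared numerically, because a string comparison would wrongly rank 15.9.3 above 15.74.5.

```python
import csv
import io

FIXED = (15, 74, 5)  # first fixed release named in the bulletin
IN_SCOPE = {"teamviewer full", "teamviewer host"}  # affected clients

# Constructed inventory export; hosts and column names are assumptions.
SAMPLE_INVENTORY = """host,product,version
ws-014,TeamViewer Full,15.74.5
ws-022,TeamViewer Host,15.9.3
srv-003,TeamViewer Host,15.73.12
mac-107,TeamViewer Full,15.75.0
lin-041,TeamViewer Host,unknown
ws-090,OtherRemoteTool,3.1.0
"""


def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Map each in-scope host to 'patched', 'vulnerable' or 'review'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() not in IN_SCOPE:
            continue  # product not covered by this advisory
        version = parse_version(row["version"])
        if version is None:
            result[row["host"]] = "review"  # cannot prove the fix is present
        elif version < FIXED:
            result[row["host"]] = "vulnerable"  # numeric: 15.9.3 < 15.74.5
        else:
            result[row["host"]] = "patched"
    return result


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts marked `review` have a version string the script could not parse and should be checked by hand rather than assumed patched.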