CVE-2026-2695
Description
A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows authenticated users with at least questioner privileges to inject commands in specific instructions. Exploitation could lead to execution of elevated commands on devices connected to the platform.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A command injection vulnerability in TeamViewer DEX Platform On-Premises allows authenticated questioners to execute elevated commands on connected devices.
A command injection vulnerability (CVE-2026-2695) exists in TeamViewer DEX Platform On-Premises (formerly 1E DEX Platform On-Premises) prior to version 9.2. The root cause is improper input validation in specific instructions, enabling authenticated users with at least questioner privileges to inject arbitrary commands [1].
To exploit this vulnerability, an attacker must have authenticated access to the platform with questioner-level privileges or higher. The injection occurs within specific instructions processed by the platform, allowing the attacker to execute commands on devices connected to the platform [1].
Successful exploitation leads to the execution of elevated commands on managed devices, potentially compromising their security and allowing further lateral movement or data exfiltration [1].
The vulnerability has been fixed in TeamViewer DEX Platform On-Premises version 9.2. SaaS customers are not affected and require no action. At the time of publication, there is no evidence of exploitation in the wild [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.