CVE-2026-23564: CWE-319 Cleartext Transmission of Sensitive Information in TeamViewer DEX
A vulnerability in TeamViewer DEX Client (formerly 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive information.
AI Analysis
Technical Summary
CVE-2026-23564 affects the Content Distribution Service component (NomadBranch.exe) of the TeamViewer DEX Client for Windows in versions prior to 26.1. The service's UDP traffic is normally encrypted; because of this flaw, an attacker positioned on the adjacent network can cause that traffic to be sent in cleartext and intercept it, disclosing sensitive information that would otherwise be protected. The vulnerability is classified under CWE-319, which concerns the cleartext transmission of sensitive data. The attack vector is adjacent network (AV:A), meaning the attacker must have access to the same local network segment or a logically adjacent network. No privileges are required (PR:N), no user interaction is needed (UI:N), and the scope is unchanged (S:U). The impact on confidentiality is high (C:H), with no impact on integrity (I:N) or availability (A:N). Although no exploits have been reported in the wild, the vulnerability poses a significant risk of data leakage in environments where TeamViewer DEX is used for content distribution. The absence of a patch link suggests that remediation may require updating to version 26.1 or later once released. The vulnerability reflects a lapse in encryption handling for UDP traffic within the affected component, potentially exposing sensitive operational or user data to attackers on the same network segment.
Potential Impact
For European organizations, this vulnerability could lead to unauthorized disclosure of sensitive information transmitted via TeamViewer DEX's content distribution service. Organizations that rely on TeamViewer DEX for internal content distribution over local networks are particularly vulnerable, as attackers on the same network can intercept unencrypted UDP traffic. This exposure could compromise confidential business data, intellectual property, or personal data, potentially violating GDPR requirements. The lack of impact on integrity and availability limits the threat to data confidentiality, but the sensitivity of the leaked information could still result in reputational damage, regulatory penalties, and operational risks. Industries with high data sensitivity such as finance, healthcare, and government entities in Europe are at elevated risk. Since exploitation requires network adjacency, organizations with segmented and well-controlled internal networks may reduce exposure, but those with flat or poorly segmented networks face higher risks. The absence of known exploits in the wild reduces immediate urgency but does not eliminate the risk of future exploitation.
Mitigation Recommendations
European organizations should prioritize upgrading TeamViewer DEX Client to version 26.1 or later as soon as it becomes available to ensure the vulnerability is patched. Until an update is applied, network administrators should enforce strict network segmentation and access controls to limit the ability of unauthorized devices to connect to the same local network segments as TeamViewer DEX clients. Deploying network monitoring tools to detect unusual UDP traffic patterns may help identify potential exploitation attempts. Additionally, organizations should consider encrypting sensitive data at the application layer before transmission to mitigate risks from cleartext exposure. Regularly auditing and updating endpoint security policies to restrict installation and use of vulnerable software versions is recommended. Finally, educating IT staff about the risks of adjacent network attacks and enforcing strong network access controls can further reduce exposure.
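The UDP monitoring recommendation above can be approximated with a payload heuristic. The following is an added example, not part of the original advisory or of TeamViewer's tooling: it labels UDP payloads by byte entropy and printable-ASCII share, so that traffic expected to be encrypted but carrying readable text stands out. The port number, thresholds and sample datagrams are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

WATCHED_PORT = 50000   # placeholder: set to the UDP port your deployment uses
MIN_LEN = 32           # shorter payloads give byte statistics too noisy to judge
MAX_ENTROPY = 6.0      # bits per byte; ciphertext of a few hundred bytes sits near 7
MIN_PRINTABLE = 0.85   # share of printable ASCII typical of text-based payloads

def shannon_entropy(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)

def classify(payload: bytes) -> str:
    """Label a UDP payload as 'cleartext-like', 'opaque' or 'undetermined'."""
    if len(payload) < MIN_LEN:
        return "undetermined"
    if shannon_entropy(payload) < MAX_ENTROPY and printable_ratio(payload) >= MIN_PRINTABLE:
        return "cleartext-like"
    return "opaque"

def flag_hosts(datagrams, port=WATCHED_PORT):
    """Return sorted source hosts that sent cleartext-like payloads to `port`."""
    return sorted({src for src, dport, payload in datagrams
                   if dport == port and classify(payload) == "cleartext-like"})

# Constructed sample capture: (source IP, destination UDP port, payload).
OPAQUE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))
TEXT = b"package=ExampleApp-1.0;file=setup.msi;offset=0;host=WS-0142;user=alice\n"
SAMPLE = [
    ("10.0.5.21", WATCHED_PORT, OPAQUE),   # looks encrypted: expected state
    ("10.0.5.23", WATCHED_PORT, TEXT),     # readable fields: investigate
    ("10.0.5.24", WATCHED_PORT, b"ping"),  # too short to judge
    ("10.0.5.25", 53, TEXT),               # other service, not watched
]

if __name__ == "__main__":
    for host in flag_hosts(SAMPLE):
        print(f"cleartext-like UDP payload from {host} on port {WATCHED_PORT}")
```

The heuristic only catches text-like cleartext; unencrypted binary or compressed content also looks opaque, so a clean result does not confirm that encryption is in place.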
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: TV
- Date Reserved: 2026-01-14T13:54:40.322Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 697b248fac0632022277b77c
Added to database: 1/29/2026, 9:12:47 AM
Last enriched: 1/29/2026, 9:29:44 AM
Last updated: 2/4/2026, 4:12:35 PM