GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/67475?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67475?format=api",
    "vulnerability_id": "VCID-esnf-yptu-63ef",
    "summary": "A broken access\ncontrol vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior version 9.2. Certain backend API endpoints do not\ncorrectly enforce authorization checks, allowing an authenticated user with low\nprivileges to perform actions and access resources intended only for higher‑privileged roles. An attacker with\nlow‑privileged credentials may exploit\nthis to gain unauthorized access to administrative or sensitive functionality.",
    "aliases": [
        {
            "alias": "CVE-2026-8381"
        }
    ],
    "fixed_packages": [],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8381",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.00033",
                    "scoring_system": "epss",
                    "scoring_elements": "0.10288",
                    "published_at": "2026-06-11T12:55:00Z"
                },
                {
                    "value": "0.00033",
                    "scoring_system": "epss",
                    "scoring_elements": "0.10339",
                    "published_at": "2026-06-12T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8381"
        },
        {
            "reference_url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1005/",
            "reference_id": "tv-2026-1005",
            "reference_type": "",
            "scores": [
                {
                    "value": "5.4",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T13:45:22Z/"
                }
            ],
            "url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1005/"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 862,
            "name": "Missing Authorization",
            "description": "The product does not perform an authorization check when an actor attempts to access a resource or perform an action."
        }
    ],
    "exploits": [],
    "severity_range_score": "5.4 - 5.4",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-esnf-yptu-63ef"
}