VYPR
Critical severity9.8NVD Advisory· Published Jan 30, 2026· Updated Apr 15, 2026

CVE-2020-37052

CVE-2020-37052

Description

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedded Java expressions to run commands with the application's system privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.

CVE-2020-37052 · Critical · VYPR