Critical severity9.8NVD Advisory· Published Jan 30, 2026· Updated Apr 15, 2026
CVE-2020-37052
CVE-2020-37052
Description
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedded Java expressions to run commands with the application's system privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 1.4.2
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.