CVE-2020-37052 – AirControl 1.4.2 – PreAuth Remote Code Execution

CVE ID : CVE-2020-37052

Published : Jan. 30, 2026, 11:16 p.m. | 1 hour, 56 minutes ago

Description : AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedded Java expressions to run commands with the application’s system privileges.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…