What is the CVSS score of CVE-2020-36949?

CVE-2020-36949 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Tapinradio are affected by CVE-2020-36949?

Tapinradio versions 2.13.7 and earlier contain a resource exhaustion vulnerability that could allow attackers to consume unlimited system resources, potentially causing service degradation or denial…

Is there a public PoC exploit available for CVE-2020-36949?

Yes, a public proof-of-concept exploit is available for CVE-2020-36949. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-36949?

Within 24 hours: Inventory all systems running Tapinradio and identify version numbers; assess whether affected versions are in production use. Within 7 days: Implement network-level access controls to restrict Tapinradio exposure; disable unnecessary features if possible; monitor resource consumption for anomalies. Within 30 days: Contact vendor for timeline to patch availability; evaluate alternative solutions or plan for version upgrade immediately upon patch release; document business justification for any systems that cannot be remediated.

Tapinradio CVE-2020-36949

HIGH

Allocation of Resources Without Limits or Throttling (CWE-770)

2026-01-27 disclosure@vulncheck.com

Denial Of Service Tapinradio

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 20, 2026 - 14:22 vuln.today

Public exploit code

CVE Published

Jan 27, 2026 - 16:16 nvd

HIGH 7.5

DescriptionCVE.org

TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a large buffer of 20,000 characters into the username and address fields to cause the application to become unresponsive and require reinstallation.

AnalysisAI

Tapinradio versions up to 2.13.7 is affected by allocation of resources without limits or throttling (CVSS 7.5).

Technical ContextAI

This vulnerability (CWE-770: Allocation of Resources Without Limits or Throttling) affects Tapinradio. TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a large buffer of 20,000 characters into the username and address fields to cause the application to become unresponsive and require reinstallation.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2020-36949 vulnerability details – vuln.today

Back

Tapinradio CVE-2020-36949

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code