What is the CVSS score of CVE-2020-37027?

CVE-2020-37027 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.7%.

Is there a public PoC exploit available for CVE-2020-37027?

Yes, a public proof-of-concept exploit is available for CVE-2020-37027. Prioritise patching immediately. EPSS: 0.7%.

How to fix or mitigate CVE-2020-37027?

Within 24 hours: Identify and inventory all systems running Sickbeard alpha; isolate affected systems from production networks if they contain sensitive data. Within 7 days: Disable Sickbeard alpha or migrate to alternative software; conduct network traffic analysis for signs of compromise. Within 30 days: Complete migration off vulnerable software; perform forensic analysis on affected systems; review access logs for unauthorized command execution.

CVE-2020-37027

CRITICAL

OS Command Injection (CWE-78)

2026-01-30 disclosure@vulncheck.com

Command Injection

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

PoC Detected

Feb 04, 2026 - 16:34 vuln.today

Public exploit code

CVE Published

Jan 30, 2026 - 23:16 nvd

CRITICAL 9.8

DescriptionCVE.org

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the vulnerable Sickbeard installation.

AnalysisAI

Unauthenticated command injection in Sickbeard alpha media management application. EPSS 0.70% with PoC available.

Technical ContextAI

CWE-78 in Sickbeard's extraction functionality. Unauthenticated remote exploitation.

Affected ProductsAI

Sickbeard alpha

RemediationAI

Update Sickbeard or migrate to a maintained fork.

CVE-2020-37027 vulnerability details – vuln.today

Back

CVE-2020-37027

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code