What is the CVSS score of CVE-2020-37139?

CVE-2020-37139 has a CVSS 3.1 base score of 8.4 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Secure FTP Expert are affected by CVE-2020-37139?

Odin Secure FTP Expert 7.6.3 contains a denial of service vulnerability that could allow attackers to crash the application, disrupting file transfer operations and availability.

Is there a public PoC exploit available for CVE-2020-37139?

Yes, a public proof-of-concept exploit is available for CVE-2020-37139. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-37139?

Within 24 hours: Inventory all systems running Odin Secure FTP Expert 7.6.3 and assess exposure to untrusted users. Within 7 days: Implement network segmentation to restrict FTP access to authorized sources only, and disable the vulnerable application if not operationally critical. Within 30 days: Evaluate migration to patched versions or alternative SFTP solutions, and monitor vendor communications for patch availability.

Secure FTP Expert CVE-2020-37139

HIGH

Allocation of Resources Without Limits or Throttling (CWE-770)

2026-02-05 disclosure@vulncheck.com

Buffer Overflow Denial Of Service

8.4

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.4 HIGH

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 05, 2026 - 20:47 vuln.today

Public exploit code

CVE Published

Feb 05, 2026 - 17:16 nvd

HIGH 8.4

DescriptionCVE.org

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the application to crash.

AnalysisAI

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. [CVSS 8.4 HIGH]

Technical ContextAI

This vulnerability (CWE-770: Allocation of Resources Without Limits or Throttling) Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the application to crash.

Affected ProductsAI

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

CVE-2020-37139 vulnerability details – vuln.today

Back

Secure FTP Expert CVE-2020-37139

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code