What is the CVSS score of CVE-2020-37178?

CVE-2020-37178 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Red Hat are affected by CVE-2020-37178?

KeePass Password Safe versions prior to 2.44 contain a denial of service vulnerability that could crash the application when users interact with malicious HTML files in the help system.

Is there a public PoC exploit available for CVE-2020-37178?

Yes, a public proof-of-concept exploit is available for CVE-2020-37178. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-37178?

Within 24 hours: Inventory all KeePass deployments and identify instances running versions before 2.44. Within 7 days: Issue user guidance prohibiting drag-and-drop of untrusted files into the help area and disable the help system's HTML rendering if possible. Within 30 days: Upgrade to KeePass 2.44 or later when available, or migrate to an alternative password manager if upgrading is not feasible.

Red Hat CVE-2020-37178

HIGH

Code Injection (CWE-94)

2026-02-11 disclosure@vulncheck.com

Denial Of Service Red Hat

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Red Hat

7.5 HIGH

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 12, 2026 - 15:10 vuln.today

Public exploit code

CVE Published

Feb 11, 2026 - 21:16 nvd

HIGH 7.5

DescriptionCVE.org

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.

AnalysisAI

Technical ContextAI

Classified as CWE-94 (Code Injection). Affects the a denial of component of KeePass Password Safe. KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.

Affected ProductsAI

Product: KeePass Password Safe. Versions: up to 2.44. Component: a denial of.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Vendor StatusVendor

CVE-2020-37178 vulnerability details – vuln.today

Back

Red Hat CVE-2020-37178

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Vendor StatusVendor

Share

External POC / Exploit Code