What is the CVSS score of CVE-2020-37188?

CVE-2020-37188 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Outlook are affected by CVE-2020-37188?

SpotOutlook 1.2.6 is vulnerable to a denial of service attack that can be triggered remotely through the registration form, potentially disrupting service availability for all users.

Is there a public PoC exploit available for CVE-2020-37188?

Yes, a public proof-of-concept exploit is available for CVE-2020-37188. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-37188?

Within 24 hours: Identify all instances of SpotOutlook 1.2.6 in production and development environments; assess business criticality and user impact of each instance. Within 7 days: Implement input validation restrictions on the Name field (maximum character limit of 255 characters); monitor application logs for exploitation attempts. Within 30 days: Upgrade to SpotOutlook 1.2.7 or later when available; if unavailable, evaluate alternative solutions or consider disabling user registration functionality if operationally feasible.

Outlook CVE-2020-37188

HIGH

Classic Buffer Overflow (CWE-120)

2026-02-11 disclosure@vulncheck.com

Outlook Denial Of Service

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 12, 2026 - 15:10 vuln.today

Public exploit code

CVE Published

Feb 11, 2026 - 21:16 nvd

HIGH 7.5

DescriptionCVE.org

SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive.

AnalysisAI

Technical ContextAI

Classified as CWE-120 (Classic Buffer Overflow). Affects registration name input field. SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive.

Affected ProductsAI

Product: registration name input field.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.

CVE-2020-37188 vulnerability details – vuln.today

Back

Outlook CVE-2020-37188

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code