CVE-2020-36938 HIGH

CVE-2020-36938: WinAVR Version 20100110 - Insecure Folder Permissions

Vendor Winavr
Product WinAVR
Weakness CWE-732
Published January 27, 2026
Last update January 27, 2026

CVSS base score

7.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory.

Key dates

02Disclosure timeline

January 27, 2026 CVE published
January 27, 2026 Record updated