CVE-2020-37012 CRITICAL

CVE-2020-37012: Tea LaTex 1.0 - Remote Code Execution

Vendor Ammarfaizi2

Product Tea LaTex

Weakness CWE-78

Published January 29, 2026

Last update January 29, 2026

View on NVD All CVEs

CVSS base score

9.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API action.

Key dates

02Disclosure timeline

January 29, 2026 CVE published

January 29, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-37012

Related vulnerabilities

04Related CVE

CVE-2025-66401 MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL CVE-2021-36022 Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution CVE-2024-7470 Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface vpn_template_style.php sslvpn_config_mod os command injection CVE-2026-25089 CVE-2022-47555 Improper Neutralization of Special Elements in Ormazabal products