CVE-2020-37032 HIGH

CVE-2020-37032: Wing FTP Server 6.3.8 - Remote Code Execution

Vendor Wing Ftp Server

Product Wing FTP Server

Weakness CWE-78

Published January 30, 2026

Last update March 5, 2026

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function.

Key dates

02Disclosure timeline

January 30, 2026 CVE published

March 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-37032 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

CVE-2020-37032: Wing FTP Server 6.3.8 - Remote Code Execution

01Description

02Disclosure timeline

03References

04Related CVE