CVE-2020-37160 HIGH

CVE-2020-37160: SprintWork 2.3.1 - Local Privilege Escalation

Vendor Veridium
Product SprintWork
Weakness CWE-276
Published February 6, 2026
Last update February 17, 2026

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access.

Key dates

02Disclosure timeline

February 6, 2026 CVE published
February 17, 2026 Record updated