CVE Database · CVE-2020-0796
CVSS v3.1
10.0
EPSS
99.81%
Published
Mar 12, 2020
Modified
Oct 29, 2025
CISA Known Exploited Vulnerability
Added: 2022-02-10 · Due: 2022-08-10
Apply updates per vendor instructions.
Public PoC / Exploit (12)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HWeaknesses (CWE)
Affected Products (8)
References (15)