CVE-2020-0910

HIGH

Windows 10 and Windows Server 2016/2019 - Remote Code Execution via Hyper-V Input Validation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-0910. PoCs published by kfmgang.

AI-analyzed exploit summary This is a Python-based exploit PoC for CVE-2020-0910, which targets a vulnerability in Microsoft Windows. The exploit sends a crafted payload to establish a reverse shell, granting remote code execution (RCE) with SYSTEM privileges.

Description

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.

Exploits (1)

nomisec WORKING POC
by kfmgang · poc
https://github.com/kfmgang/CVE-2020-0910

This is a Python-based exploit PoC for CVE-2020-0910, which targets a vulnerability in Microsoft Windows. The exploit sends a crafted payload to establish a reverse shell, granting remote code execution (RCE) with SYSTEM privileges.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows (specific version not specified)
No auth needed
Prerequisites: Network access to the target · Python 2.7 environment
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.4
EPSS 0.0904
EPSS Percentile 94.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (6)
microsoft/windows_10 1809
microsoft/windows_10 1903
microsoft/windows_10 1909
microsoft/windows_server_2016 1903
microsoft/windows_server_2016 1909
microsoft/windows_server_2019
Published Apr 15, 2020
Tracked Since Feb 18, 2026