CVE-2020-37178

HIGH

KeePass Password Safe < 2.44 - Denial of Service via Malicious HTML File in Help System

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37178. PoCs published by Mustafa Emre Gül.

AI-analyzed exploit summary: This exploit demonstrates a Denial of Service (DoS) and potential command execution vulnerability in KeePass versions prior to 2.44. It leverages a drag-and-drop HTML file with obfuscated JavaScript to trigger the vulnerability.

Description

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.

Exploits (1)

exploitdb WORKING POC
by Mustafa Emre Gül · text · dos · multiple
https://www.exploit-db.com/exploits/47952


Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: KeePass Password Safe < 2.44
No auth needed
Prerequisites: User interaction to drag and drop an HTML file into KeePass help section
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47952
Various Sources product
https://keepass.info/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/keepass-denial-of-service-poc

Scores

CVSS v3: 7.5
EPSS: 0.0028
EPSS Percentile: 19.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-94
Status: published
Products (1): Keepass/KeePass Password Safe < 2.44
Published: Feb 11, 2026
Tracked Since: Feb 18, 2026