diff --git a/Dubbo/CVE-2020-1948/CVE-2020-1948.gif b/Dubbo/CVE-2020-1948/CVE-2020-1948.gif new file mode 100644 index 0000000..612a4c0 Binary files /dev/null and b/Dubbo/CVE-2020-1948/CVE-2020-1948.gif differ diff --git a/Dubbo/CVE-2020-1948/README.md b/Dubbo/CVE-2020-1948/README.md new file mode 100644 index 0000000..e41593b --- /dev/null +++ b/Dubbo/CVE-2020-1948/README.md @@ -0,0 +1,11 @@ +# CVE-2020-1948 Dubbo RCE + +This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. + +**Affected version**: apache dubbo 2.5.0 - 2.5.10, 2.6.0 - 2.6.7, 2.7.0 - 2.7.6 + +**[FOFA]([https://fofa.so/result?q=protocol%3D%3D%22apache-dubbo%22&qbase64=cHJvdG9jb2w9PSJhcGFjaGUtZHViYm8i&file=&file=](https://fofa.so/result?q=protocol%3D%3D"apache-dubbo"&qbase64=cHJvdG9jb2w9PSJhcGFjaGUtZHViYm8i&file=&file=)) query rule**: protocol=="apache-dubbo" + +# Demo + +![](CVE-2020-1948.gif) \ No newline at end of file
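Review bot: The FOFA line in README.md has a malformed Markdown link: the target in parentheses is itself a second `[...](...)` link, and the inner URL carries unescaped double quotes (`q=protocol%3D%3D"apache-dubbo"`), so it will not render as one clickable link. Use a single link with the percent-encoded URL, i.e. `[FOFA](https://fofa.so/result?q=protocol%3D%3D%22apache-dubbo%22&qbase64=cHJvdG9jb2w9PSJhcGFjaGUtZHViYm8i)`, and drop the duplicated empty `&file=&file=` parameters. The summary sentence says "version 2.7.6 or lower" while the Affected version line lists ranges that start at 2.5.0, so the two should be made to agree. The README names no fixed version or mitigation, and the Demo section is only a GIF with empty alt text (`![](CVE-2020-1948.gif)`); a line on the upgrade path and a short text description of what the demo shows would make the entry usable for someone checking their own exposure. The file also ends without a trailing newline.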