VDB
CVE-2020-36969
CVE-2020-36969
PUBLISHED
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.
EPSS 0.11% · 29.5th percentile
Risk Scores
EPSS Score
0.11%
29.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:25.10 | monit | 1:5.35.2-1, 1:5.34.3-1, 0 |
| Ubuntu:Pro:22.04:LTS | monit | *, 1:5.31.0-1ubuntu0.1~esm1, 1:5.30.0-1 |
| Ubuntu:Pro:20.04:LTS | monit | *, 0, 1:5.26.0-2 |
| Ubuntu:24.04:LTS | monit | 1:5.33.0-1, 1:5.33.0-2, 1:5.33.0-2build1 |
| Ubuntu:Pro:18.04:LTS | monit | 1:5.23.0-2, 1:5.25.1-1, 1:5.23.0-4 |
| Ubuntu:Pro:14.04:LTS | monit | 1:5.6-2ubuntu0.1+esm2, 1:5.6-2, 1:5.6-1 |
| Ubuntu:Pro:16.04:LTS | monit | 1:5.16-2ubuntu0.2, 1:5.16-2ubuntu0.2+esm2, 1:5.15-2 |
Exploit Intelligence
- https://www.exploit-db.com/exploits/49080 (nist-nvd)
- CIRCL seen: CVE-2020-36969 (circl-sighting)
- M/Monit Official Vendor Homepage (circl)
- VulnCheck Advisory: M/Monit 3.7.4 - Privilege Escalation (circl)
Timeline
- Jan 28, 2026 CVE Published
- Jan 28, 2026 PoC Published
- Jan 29, 2026 EPSS Score
- Jan 31, 2026 EPSS Score
- Feb 3, 2026 EPSS Score
- Feb 5, 2026 EPSS Score
- Feb 8, 2026 EPSS Score
- Feb 10, 2026 EPSS Score
- Feb 13, 2026 EPSS Score
- Feb 15, 2026 EPSS Score
- Feb 18, 2026 EPSS Score
- Feb 20, 2026 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36969 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36969 third-party-advisory
- https://www.exploit-db.com/exploits/49080 third-party-advisory
- https://mmonit.com/ third-party-advisory
- https://www.vulncheck.com/advisories/mmonit-privilege-escalation third-party-advisory