VDB
CVE-2020-36986
CVE-2020-36986
PUBLISHED
Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the CronService to insert malicious code that would execute during application startup or system reboot.
EPSS 0.01% · 0.7th percentile
Risk Scores
EPSS Score
0.01%
0.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | prey | 0, 0.6.2-1.1 |
| Ubuntu:18.04:LTS | prey | 0, 0.6.2-1.1 |
Exploit Intelligence
- CIRCL seen: CVE-2020-36986 (circl-sighting)
- Vendor Homepage (circl)
- VulnCheck Advisory: Prey 1.9.6 - "CronService" Unquoted Service Path (circl)
- ExploitDB-48967 (cve.org)
Timeline
- Jan 28, 2026 CVE Published
- Jan 28, 2026 PoC Published
- Jan 28, 2026 CVE Updated
- Jan 29, 2026 EPSS Score
- Jan 31, 2026 EPSS Score
- Feb 3, 2026 EPSS Score
- Feb 5, 2026 EPSS Score
- Feb 8, 2026 EPSS Score
- Feb 10, 2026 EPSS Score
- Feb 13, 2026 EPSS Score
- Feb 15, 2026 EPSS Score
- Feb 18, 2026 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36986 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36986 third-party-advisory
- https://preyproject.com/ third-party-advisory
- https://www.exploit-db.com/exploits/48967 third-party-advisory
- https://www.vulncheck.com/advisories/prey-cronservice-unquoted-service-path third-party-advisory