
CVE-2020-36969

Severity: High · Public PoC

Published: 28 January 2026
Modified: 03 February 2026
KEV Added: not listed
Patch: none listed
CVSS v4.0 score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
EPSS score: 0.0042 (33.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2020-36969 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Tildeslash M/Monit 3.7.4. Its CVSS v4.0 base score is 8.7 (High); the CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique T1068 (Exploitation for Privilege Escalation). The EPSS score places it at the 33.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced, so the low EPSS score should not be read as the absence of a working exploit.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2020-36969 is a privilege escalation vulnerability in M/Monit 3.7.4. The server accepts the admin parameter in a user-update request without checking that the caller is authorized to grant administrative rights: an authenticated user sends a POST request to the /api/1/admin/users/update endpoint with a crafted payload that sets the admin parameter, and a standard user account is promoted to administrator. The flaw is classified under CWE-863 (Incorrect Authorization) with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability can be exploited by any authenticated user with low privileges over the network, requiring low attack complexity and no user interaction. Successful exploitation allows the attacker to elevate their privileges to administrator level on the affected M/Monit instance, resulting in high impacts to confidentiality, integrity, and availability.

Advisories and references, including the vendor site at https://mmonit.com/, VulnCheck at https://www.vulncheck.com/advisories/mmonit-privilege-escalation, and a proof-of-concept exploit at https://www.exploit-db.com/exploits/49080, provide further details on mitigation and patches.

A public proof-of-concept exploit is available, so any attacker holding valid low-privileged credentials for the M/Monit web interface has a realistic path to administrator rights; the prerequisite is an account, not a weakness in authentication.
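Because the PoC is public, the practical question for defenders is whether the update endpoint has been called by an account that should not be able to change permissions. The following is an added detection example, not code from the advisory, the vendor, or the PoC. It assumes NCSA combined access-log lines with the authenticated user in the third field (the sample lines are constructed here); M/Monit's own log layout may differ, and a reverse proxy in front of it is the more reliable place to capture this. The `admins` argument should be the expected baseline of administrator accounts, not the current state of the user table, since a freshly escalated account would otherwise look legitimate.

```python
"""Added detection example for CVE-2020-36969: flag accepted POSTs to the
/api/1/admin/users/update endpoint from accounts outside the expected admin set.
Log format (NCSA combined) and the sample lines are assumptions for illustration."""
import re
from typing import Dict, List, Set

# Constructed sample traffic (not real data). The third field is the authenticated user.
SAMPLE_LOG = """\
10.0.0.5 - alice [28/Jan/2026:10:01:02 +0000] "GET /api/1/status/list HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.5 - alice [28/Jan/2026:10:01:09 +0000] "POST /api/1/admin/users/update HTTP/1.1" 200 17 "-" "python-requests/2.31"
10.0.0.9 - root [28/Jan/2026:10:02:15 +0000] "POST /api/1/admin/users/update HTTP/1.1" 200 17 "-" "Mozilla/5.0"
10.0.0.7 - - [28/Jan/2026:10:03:40 +0000] "POST /api/1/admin/users/update HTTP/1.1" 401 0 "-" "curl/8.4"
"""

# Endpoint named in the advisory.
TARGET = "/api/1/admin/users/update"

# ip, ident, user, timestamp, "METHOD path protocol", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_line(line: str):
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_update_calls(log_text: str, admins: Set[str]) -> List[Dict[str, str]]:
    """Every POST to the user-update endpoint, classified by who made it and
    whether the server accepted it:
      non-admin-accepted : accepted (status < 400) from a user outside `admins`;
                           this is the CVE-2020-36969 pattern and should page someone
      admin-legit        : accepted from an expected administrator
      rejected           : unauthenticated or refused by the server (probing is still
                           worth seeing, so it is reported rather than dropped)"""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if rec["path"].split("?", 1)[0] != TARGET:
            continue
        status = int(rec["status"])
        if rec["user"] == "-" or status >= 400:
            reason = "rejected"
        elif rec["user"] in admins:
            reason = "admin-legit"
        else:
            reason = "non-admin-accepted"
        hits.append({"ip": rec["ip"], "user": rec["user"], "ts": rec["ts"],
                     "status": rec["status"], "reason": reason})
    return hits


def high_severity(log_text: str, admins: Set[str]) -> List[Dict[str, str]]:
    """Only the hits that indicate a successful non-admin permission change."""
    return [h for h in find_update_calls(log_text, admins) if h["reason"] == "non-admin-accepted"]


if __name__ == "__main__":
    for hit in find_update_calls(SAMPLE_LOG, {"root"}):
        print(hit)
```

Run it against real access logs by replacing `SAMPLE_LOG` with the file contents; a `non-admin-accepted` hit is the signal to compare the user table against its last known-good state and to rotate the affected credentials.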


Vulnerability details

M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.

CWE(s)

CWE-863 Incorrect Authorization

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct privilege escalation via authorization bypass (CWE-863) allowing low-privileged authenticated users to grant themselves admin rights.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-64421 (shared CWE-863)
CVE-2026-41404 (shared CWE-863)
CVE-2024-44305 (shared CWE-863)
CVE-2026-4639 (shared CWE-863)
CVE-2026-41344 (shared CWE-863)
CVE-2025-27822 (shared CWE-863)
CVE-2026-47101 (shared CWE-863)
CVE-2025-0359 (shared CWE-863)
CVE-2025-14866 (shared CWE-863)
CVE-2024-13282 (shared CWE-863)

Affected Assets

Vendor: tildeslash
Product: m/monit
Version: 3.7.4

Mitigating Controls (NIST 800-53 r5, AI-assigned)

AC-3 Access Enforcement (prevent)

Enforces approved authorizations so that an authenticated low-privilege user cannot modify user permissions through the /api/1/admin/users/update endpoint. The server must derive the caller's role from its own session state and reject any attempt by a non-admin to set the admin flag, regardless of what the request body claims.

AC-6 Least Privilege (prevent)

Applies least privilege so that low-privileged accounts can neither reach nor alter administrative user settings. In practice, keep the set of M/Monit administrator accounts small and reviewed, and give monitoring users only the role they need.

Input validation (prevent)

Validates API inputs such as the manipulable 'admin' parameter. Note the limit of this control against CWE-863: the crafted request is syntactically valid, so schema or type validation alone does not stop it; the decisive check is the authorization check under AC-3.
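The authorization flaw described under Deeper analysis and the AC-3/AC-6 controls listed above, shown side by side as an added illustrative example. This is not M/Monit's code (M/Monit is closed source); the in-memory user table, the `Session` object, the field names and the `Forbidden` exception are assumptions for demonstration only. The vulnerable handler keeps the shape CWE-863 describes (authenticated, but never checks what the caller may change); the hardened handler takes the caller's role from server-side state, lets only admins touch the admin flag or other accounts, and restricts non-admins to an allowlist of fields on their own account. The example generalizes slightly beyond the page by also rejecting unknown fields, which closes the related mass-assignment path.

```python
"""Added example of the CWE-863 pattern behind CVE-2020-36969, vulnerable vs. hardened.
Not M/Monit's code; store, session and field names are assumptions for illustration."""
import copy
from dataclasses import dataclass


@dataclass
class User:
    name: str
    admin: bool = False
    email: str = ""


@dataclass
class Session:
    """Authenticated caller; `user` is the account that logged in (server-side state)."""
    user: str


class Forbidden(Exception):
    """Raised when the caller is authenticated but not authorized for the change."""


# Constructed in-memory user table (assumption; M/Monit's real store differs).
USERS = {
    "root": User("root", admin=True),
    "alice": User("alice", admin=False, email="alice@example.org"),
}

ALL_EDITABLE = {"admin", "email"}   # every field the endpoint may change at all
SELF_EDITABLE = {"email"}           # what a non-admin may change on their own account


def update_user_vulnerable(session: Session, payload: dict, users=USERS) -> User:
    """Authenticated-but-unauthorized handler (CWE-863): it relies on a Session
    existing, then applies every field in the payload, including 'admin'."""
    target = users[payload["name"]]
    for key, value in payload.items():
        if key != "name":
            setattr(target, key, value)   # 'admin': True lands here -> escalation
    return target


def update_user_hardened(session: Session, payload: dict, users=USERS) -> User:
    """Same operation with access enforcement (AC-3) and least privilege (AC-6):
    role comes from the session, not the request; only admins may modify other
    accounts or the admin flag; non-admins get an allowlist on their own account;
    unknown fields are rejected rather than assigned."""
    caller = users[session.user]
    target = users[payload["name"]]
    requested = set(payload) - {"name"}
    unknown = requested - ALL_EDITABLE
    if unknown:
        raise ValueError(f"unknown field(s) {sorted(unknown)}")
    if not caller.admin:
        if target.name != caller.name:
            raise Forbidden("non-admin may only modify own account")
        disallowed = requested - SELF_EDITABLE
        if disallowed:
            raise Forbidden(f"non-admin may not set {sorted(disallowed)}")
    for key in requested:
        setattr(target, key, payload[key])
    return target


def escalation_succeeds(handler) -> bool:
    """Replay the advisory's scenario (a low-privileged user submitting admin=true
    for their own account) against a fresh copy of the table and report whether
    the account ended up with admin rights."""
    users = copy.deepcopy(USERS)
    crafted = {"name": "alice", "admin": True}
    try:
        handler(Session("alice"), crafted, users)
    except Forbidden:
        return False
    return users["alice"].admin


if __name__ == "__main__":
    print("vulnerable handler escalates:", escalation_succeeds(update_user_vulnerable))  # True
    print("hardened handler escalates:  ", escalation_succeeds(update_user_hardened))    # False
```

The point to carry over to any real code base is that the check sits on the server's view of the caller (`caller.admin` from session state), not on anything the client sends; validating the shape of the `admin` parameter would not have changed the outcome.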

References

Vendor site: https://mmonit.com/
VulnCheck advisory: https://www.vulncheck.com/advisories/mmonit-privilege-escalation
Exploit-DB proof of concept: https://www.exploit-db.com/exploits/49080