M/Monit Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability exists in M/Monit version 3.7.4, allowing authenticated users to alter user permissions by manipulating the admin parameter. Exploitation involves sending a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative rights to a standard user account.
Impact
Exploiting this vulnerability gives a standard user administrative access without authorization.
Reproduction
To reproduce this vulnerability, log into the application with a standard user account. Once logged in, send a POST request to the /api/1/admin/users/update endpoint. Include a payload that manipulates the admin parameter to grant administrative privileges to the user account.
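Detection example (added here, not part of the original advisory or of M/Monit): the function below scans access-log lines for POST requests to /api/1/admin/users/update made by accounts that are not known administrators. It assumes a Common Log Format access log that records the authenticated user name in the third field and an admin allowlist you maintain; the log format, the sample lines and the names find_suspect_updates and known_admins are assumptions for illustration.

```python
import re

# Endpoint named in the advisory; only administrators should ever call it.
ADMIN_UPDATE_PATH = "/api/1/admin/users/update"

# Assumption: Common Log Format with the authenticated user in the third field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_suspect_updates(lines, known_admins):
    """Return POSTs to the user-update endpoint from accounts not in known_admins."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparseable lines rather than guessing at fields
        path = m["path"].split("?", 1)[0].rstrip("/")
        if m["method"] != "POST" or path != ADMIN_UPDATE_PATH:
            continue
        if m["user"] in known_admins:
            continue  # expected administrative activity
        status = int(m["status"])
        findings.append({
            "user": m["user"], "ip": m["ip"], "time": m["ts"], "status": status,
            # A 2xx response means the server accepted the update request.
            "severity": "high" if 200 <= status < 300 else "medium",
        })
    return findings

# Constructed sample lines (not real M/Monit output).
SAMPLE_LOG = [
    '192.0.2.10 - admin [12/Mar/2024:10:01:02 +0000] "POST /api/1/admin/users/update HTTP/1.1" 200 45',
    '192.0.2.44 - alice [12/Mar/2024:10:05:40 +0000] "GET /some/other/page HTTP/1.1" 200 812',
    '192.0.2.44 - alice [12/Mar/2024:10:06:11 +0000] "POST /api/1/admin/users/update HTTP/1.1" 200 45',
    '192.0.2.51 - bob [12/Mar/2024:10:09:30 +0000] "POST /api/1/admin/users/update HTTP/1.1" 403 19',
]

if __name__ == "__main__":
    for finding in find_suspect_updates(SAMPLE_LOG, known_admins={"admin"}):
        print(finding)
```

A "high" finding should be followed by a review of the current user list for accounts whose admin flag changed around the logged time.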
