How to fix CVE-2020-36986?

Within 24 hours: Identify all systems running Prey 1.9.6 and isolate or restrict local user access where possible. Within 7 days: Implement file system permissions hardening on Prey installation directories and restrict write access to the CronService executable path. Within 30 days: Contact Prey vendor for patched version availability and develop upgrade plan; if no patch timeline is provided, evaluate alternative endpoint protection solutions.

CVE-2020-36986

HIGH

2026-01-28 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 29, 2026 - 16:31 vuln.today

Public exploit code

CVE Published

Jan 28, 2026 - 13:15 nvd

HIGH 7.8

Description

Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the CronService to insert malicious code that would execute during application startup or system reboot.

Analysis

Technical Context

Affected Products

Prey 1.9.6 contains an unquoted service path vulnerability that

Remediation

Monitor vendor advisories for a patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: +20

CVE-2020-36986 vulnerability details – vuln.today

Back

CVE-2020-36986

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2020-36986

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code