A flaw was found in nrpe. A command injection is possible due to insufficient filtering. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Disable nasty_metachars and dont_blame_nrpe option inside the NRPE configuration file - /etc/nagios/nrpe.cfg