# This should get removed whenever 2.16 is released, assuming it has the fix
# included. http://seclists.org/oss-sec/2014/q2/129. There's not upstream
# concensus that quoting arguments in a mode which is widely agreed upon to be
# risky so track upstream discussions here, too.

diff --git b/src/nrpe.c a/src/nrpe.c
index 381f0ac..ad1e05d 100644
--- b/src/nrpe.c
+++ a/src/nrpe.c
@@ -53,7 +53,7 @@ int use_ssl=FALSE;
 
 #define DEFAULT_COMMAND_TIMEOUT	60			/* default timeout for execution of plugins */
 #define MAXFD                   64
-#define NASTY_METACHARS         "|`&><'\"\\[]{};"
+#define NASTY_METACHARS         "|`&><'\"\\[]{};\n"
 #define howmany(x,y)	(((x)+((y)-1))/(y))
 #define MAX_LISTEN_SOCKS        16