CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,331 vulnerabilities with CWE-77
CVE-2026-7593
HIGH
Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection
CVSS 7.3
CVE-2026-7590
HIGH
eyal-gor p_69_branch_monkey_mcp Preview Endpoint advanced.py os command injection
CVSS 7.3
CVE-2026-7548
HIGH
Totolink NR1800X cstecgi.cgi sub_41A68C command injection
CVSS 8.8
CVE-2026-7538
CRITICAL
Totolink A8000RU CGI cstecgi.cgi vulnerability os command injection
CVSS 9.8
CVE-2026-7469
MEDIUM
Tenda 4G300 DelFil sub_425A28 command injection
CVSS 6.3
CVE-2026-7446
HIGH
VetCoders mcp-server-semgrep MCP index.ts create_rule os command injection
CVSS 7.3
CVE-2026-7443
HIGH
BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection
CVSS 7.3
CVE-2026-7416
HIGH
PolarVista xcode-mcp-server MCP index.ts run_tests os command injection
CVSS 7.3
CVE-2026-26015
CRITICAL
Unauthenticated RCE in DocsGPT MCP STDIO Configuration
CVE-2026-36841
CRITICAL
TOTOLINK N200RE V5 - Command Injection
CVSS 9.8
CVE-2026-7316
HIGH
eiliyaabedini aider-mcp code_with_ai aider_mcp.py command injection
CVSS 7.3
CVE-2026-7244
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiEasyGuestCfg os command injection
CVSS 9.8
CVE-2026-7243
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setRadvdCfg os command injection
CVSS 9.8
CVE-2026-7242
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setOpenVpnClientCfg os command injection
CVSS 9.8
CVE-2026-7241
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiBasicCfg os command injection
CVSS 9.8
CVE-2026-7240
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setVpnAccountCfg os command injection
CVSS 9.8
CVE-2026-7220
HIGH
jackwrichards FastlyMCP fastly_cli Tool fastly-mcp.mjs os command injection
CVSS 7.3
CVE-2026-7215
HIGH
egtai gmx-vmd-mcp VMD Launch mcp_server.py launch_vmd_gui_tool command injection
CVSS 7.3
CVE-2026-7211
HIGH
dvladimirov MCP Git Search API mcp_server.py GitSearchRequest command injection
CVSS 7.3
CVE-2026-7204
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection
CVSS 9.8
CVE-2026-7203
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection
CVSS 9.8
CVE-2026-7202
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection
CVSS 9.8
CVE-2026-7160
HIGH
Tenda HG3 formTracert command injection
CVSS 8.8
CVE-2026-7157
HIGH
disler aider-mcp-server aider_ai_code server.py command injection
CVSS 7.3
CVE-2026-7156
CRITICAL
Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection
CVSS 9.8
Details
Vulnerabilities
3,331
Exploit Likelihood
High