CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,552 vulnerabilities with CWE-77
CVE-2026-12223 MEDIUM
Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command injection
CVSS 5.5
CVE-2026-12219 MEDIUM
Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection
CVSS 6.3
CVE-2026-12197 HIGH
Ruijie EG105G-P JSON-RPC Diagnose Endpoint diagnose nslookup command injection
CVSS 7.2
CVE-2026-12187 HIGH
GL.iNet GL-MT3000 Online Firmware Upgrade one_click_upgrade command injection
CVSS 8.8
CVE-2026-12186 HIGH
GL.iNet GL-MT3000 Tor Proxy Service Configuration tor replace_country command injection
CVSS 8.8
CVE-2026-53822 HIGH
OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution
CVSS 8.8
CVE-2026-42850 HIGH
Kitty has a shell command injection
CVE-2026-46529 HIGH
PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
CVE-2026-45558 CRITICAL
Roxy-WI: Authenticated RCE on every managed HAProxy load balancer via `option` field config injection in section save
CVSS 9.9
CVE-2026-11572 HIGH
Degit - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 8.8
CVE-2026-11556 HIGH
Tenda F451 Web Management WriteFacMac formWriteFacMac os command injection
CVSS 8.8
CVE-2026-11487 MEDIUM
Neovim View Branch secure.lua M.read command injection
CVSS 5.3
CVE-2026-11455 MEDIUM
FoundationAgents MetaGPT common.py check_cmd_exists command injection
CVSS 5.0
CVE-2026-11452 HIGH
GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection
CVSS 7.3
CVE-2026-11451 HIGH
GL.iNet GL-MT3000 FTP Protocol glc snprintf command injection
CVSS 7.3
CVE-2026-11450 HIGH
GL.iNet GL-MT3000 Path Normalization dlopen command injection
CVSS 7.3
CVE-2026-11449 MEDIUM
GL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injection
CVSS 6.3
CVE-2026-11448 MEDIUM
GL.iNet GL-MT3000 Minidlna Service rpc realpath command injection
CVSS 4.7
CVE-2026-11447 MEDIUM
GL.iNet GL-MT3000 MTK Backend iwinfo.so iwinfo_backend command injection
CVSS 6.3
CVE-2026-11408 MEDIUM
vertex-app vertex Log Viewer Endpoint LogMod.js os command injection
CVSS 6.3
CVE-2026-11406 MEDIUM
GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection
CVSS 6.3
CVE-2026-11341 MEDIUM
D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection
CVSS 6.3
CVE-2026-11339 MEDIUM
D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection
CVSS 6.3
CVE-2026-10878 MEDIUM
D-Link DWR-M920 formSmsManage sub_41C8E8 command injection
CVSS 6.3
CVE-2026-45497 HIGH
Microsoft M365 Copilot Remote Code Execution Vulnerability
CVSS 7.7