CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,552 vulnerabilities with CWE-77
CVE-2026-7243 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setRadvdCfg os command injection
CVSS 9.8
CVE-2026-7242 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setOpenVpnClientCfg os command injection
CVSS 9.8
CVE-2026-7241 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiBasicCfg os command injection
CVSS 9.8
CVE-2026-7240 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setVpnAccountCfg os command injection
CVSS 9.8
CVE-2026-7220 HIGH
jackwrichards FastlyMCP fastly_cli Tool fastly-mcp.mjs os command injection
CVSS 7.3
CVE-2026-7215 HIGH
egtai gmx-vmd-mcp VMD Launch mcp_server.py launch_vmd_gui_tool command injection
CVSS 7.3
CVE-2026-7211 HIGH
dvladimirov MCP Git Search API mcp_server.py GitSearchRequest command injection
CVSS 7.3
CVE-2026-7204 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection
CVSS 9.8
CVE-2026-7203 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection
CVSS 9.8
CVE-2026-7202 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection
CVSS 9.8
CVE-2026-7160 HIGH
Tenda HG3 formTracert command injection
CVSS 8.8
CVE-2026-7157 HIGH
disler aider-mcp-server aider_ai_code server.py command injection
CVSS 7.3
CVE-2026-7156 CRITICAL
Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection
CVSS 9.8
CVE-2026-7155 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setLoginPasswordCfg os command injection
CVSS 9.8
CVE-2026-7154 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setAdvancedInfoShow os command injection
CVSS 9.8
CVE-2026-7153 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection
CVSS 9.8
CVE-2026-7152 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setTelnetCfg os command injection
CVSS 9.8
CVE-2026-31255 CRITICAL
Tenda AC18 V15.03.05.05 - Command Injection
CVSS 9.8
CVE-2026-7140 CRITICAL
Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection
CVSS 9.8
CVE-2026-7139 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiAclRules os command injection
CVSS 9.8
CVE-2026-7138 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setNtpCfg os command injection
CVSS 9.8
CVE-2026-7137 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setStorageCfg os command injection
CVSS 9.8
CVE-2026-7136 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setDmzCfg os command injection
CVSS 9.8
CVE-2026-30352 CRITICAL
leonvanzyl autocoder 79d02a - Remote Code Execution
CVSS 9.8
CVE-2026-7125 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiEasyCfg os command injection
CVSS 9.8
Details
Vulnerabilities 3,552
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits