CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,552 vulnerabilities with CWE-77
CVE-2026-7124
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setIpv6LanCfg os command injection
CVSS 9.8
CVE-2026-7123
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setIptvCfg os command injection
CVSS 9.8
CVE-2026-7122
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setUPnPCfg os command injection
CVSS 9.8
CVE-2026-7121
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWizardCfg os command injection
CVSS 9.8
CVE-2026-7119
HIGH
Tenda HG3 formCountrystr os command injection
CVSS 8.8
CVE-2026-7102
MEDIUM
Tenda F456 httpd WriteFacMac FromWriteFacMac command injection
CVSS 6.3
CVE-2026-7096
HIGH
Tenda HG3 formgponConf os command injection
CVSS 8.8
CVE-2026-7067
HIGH
D-Link DIR-822 udhcpd DHCP Service dhcpd.c system command injection
CVSS 7.3
CVE-2026-7066
HIGH
choieastsea simple-openstack-mcp server.py exec_openstack os command injection
CVSS 7.3
CVE-2026-7064
HIGH
AgentDeskAI browser-tools-mcp browser-connector.ts os command injection
CVSS 7.3
CVE-2026-7062
HIGH
Intina47 context-sync Git Integration git-integration.ts os command injection
CVSS 7.3
CVE-2026-7061
HIGH
Toowiredd chatgpt-mcp-server MCP/HTTP docker.service.ts os command injection
CVSS 7.3
CVE-2026-7058
HIGH
666ghj MiroFish Inter-Process Communication simulation_ipc.py SimulationIPCClient.send_command command injection
CVSS 7.3
CVE-2026-7039
HIGH
tufantunc ssh-mcp index.ts shell.write command injection
CVSS 7.8
CVE-2026-7037
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setVpnPassCfg os command injection
CVSS 9.8
CVE-2026-6992
HIGH
Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection
CVSS 7.2
CVE-2026-6989
MEDIUM
Tenda F453 Telnet Service telnet TendaTelnet command injection
CVSS 6.3
CVE-2026-6987
HIGH
PicoClaw Web Launcher Management Plane restart command injection
CVSS 7.3
CVE-2026-6980
HIGH
Divyanshu-hash GitPilot-MCP main.py repo_path command injection
CVSS 7.3
CVE-2026-41265
CRITICAL
Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
CVE-2026-31173
MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31169
MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31168
MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31167
MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31166
MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
Details
Vulnerabilities
3,552
Exploit Likelihood
High