CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,552 vulnerabilities with CWE-77
CVE-2026-31163 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31162 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31179 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31176 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31175 CRITICAL
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 9.8
CVE-2026-31174 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31172 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31171 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31165 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31164 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31160 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31159 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-41304 HIGH
WWBN AVideo vulnerable to RCE caused by clonesite plugin
CVE-2026-6799 MEDIUM
Comfast CF-N1-S Endpoint mbox-config command injection
CVSS 6.3
CVE-2026-38835 CRITICAL
Tenda W30E V2.0 V16.01.0.21 - Command Injection
CVSS 9.8
CVE-2026-38834 HIGH
Tenda W30E V2.0 V16.01.0.21 - Command Injection
CVSS 7.3
CVE-2026-39866 HIGH
Lawnchair vulnerable to Command Injection via unquoted workflow dispatch input in release_update.yml
CVSS 8.8
CVE-2026-4048 HIGH
Progress LoadMaster WAF Rule Upload - Authenticated Command Injection RCE
CVSS 8.4
CVE-2026-3519 HIGH
Progress LoadMaster aclcontrol API - Authenticated Command Injection RCE
CVSS 8.4
CVE-2026-3518 HIGH
Progress LoadMaster killsession API - Authenticated Command Injection RCE
CVSS 8.4
CVE-2026-3517 HIGH
Progress LoadMaster addcountry API - Authenticated Command Injection RCE
CVSS 8.4
CVE-2026-6576 MEDIUM
liangliangyy DjangoBlog WeChat Bot commonapi.py CommandHandler command injection
CVSS 6.3
CVE-2026-30898 HIGH
Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf
CVSS 8.8
CVE-2026-35682 HIGH
Anviz CX2 Lite Command Injection
CVSS 8.8
CVE-2026-21709 MEDIUM
Veeam Backup and Replication <12.3.2 - Auth Bypass
CVSS 6.7
Details
Vulnerabilities 3,552
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits