CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,553 vulnerabilities with CWE-77
CVE-2026-5973
HIGH
FoundationAgents MetaGPT common.py get_mime_type os command injection
CVSS 7.3
CVE-2026-5972
HIGH
FoundationAgents MetaGPT terminal.py Terminal.run_command os command injection
CVSS 7.3
CVE-2026-31170
CRITICAL
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 9.8
CVE-2026-5854
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiEasyCfg os command injection
CVSS 9.8
CVE-2026-5853
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setIpv6LanCfg os command injection
CVSS 9.8
CVE-2026-5852
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setIptvCfg os command injection
CVSS 9.8
CVE-2026-5851
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setUPnPCfg os command injection
CVSS 9.8
CVE-2026-5850
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setVpnPassCfg os command injection
CVSS 9.8
CVE-2026-5844
HIGH
D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection
CVSS 7.2
CVE-2026-5833
MEDIUM
awwaiid mcp-server-taskwarrior index.ts server.setRequestHandler command injection
CVSS 5.3
CVE-2026-5831
MEDIUM
Agions taskflow-ai terminal_execute handlers.ts os command injection
CVSS 6.3
CVE-2026-5802
HIGH
idachev mcp-javadc HTTP os command injection
CVSS 7.3
CVE-2026-5741
HIGH
suvarchal docker-mcp-server HTTP index.ts pull_image os command injection
CVSS 7.3
CVE-2026-35580
CRITICAL
Emissary has GitHub Actions Shell Injection via Workflow Inputs
CVSS 9.1
CVE-2026-5692
HIGH
Totolink A7100RU cstecgi.cgi setGameSpeedCfg os command injection
CVSS 7.3
CVE-2026-5691
HIGH
Totolink A7100RU cstecgi.cgi setFirewallType os command injection
CVSS 7.3
CVE-2026-5690
HIGH
Totolink A7100RU cstecgi.cgi setRemoteCfg os command injection
CVSS 7.3
CVE-2026-5689
HIGH
Totolink A7100RU cstecgi.cgi setNtpCfg os command injection
CVSS 7.3
CVE-2026-5688
HIGH
Totolink A7100RU cstecgi.cgi setDdnsCfg os command injection
CVSS 7.3
CVE-2026-5679
MEDIUM
Totolink A3300R cstecgi.cgi vsetTr069Cfg os command injection
CVSS 5.5
CVE-2026-5678
HIGH
Totolink A7100RU cstecgi.cgi setScheduleCfg os command injection
CVSS 7.3
CVE-2026-5677
HIGH
Totolink A7100RU cstecgi.cgi CsteSystem os command injection
CVSS 7.3
CVE-2026-5663
HIGH
OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection
CVSS 7.3
CVE-2026-31059
CRITICAL
UTT Aggressive HiPER 520W Firmware - formDia OS Command Injection
CVSS 9.8
CVE-2026-5621
MEDIUM
ChrisChinchilla Vale-MCP HTTP index.ts os command injection
CVSS 5.3
Details
Vulnerabilities
3,553
Exploit Likelihood
High