CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,553 vulnerabilities with CWE-77
CVE-2026-5619
MEDIUM
Braffolk mcp-summarization-functions summarize_command mcp-server.ts os command injection
CVSS 5.3
CVE-2026-5603
MEDIUM
elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection
CVSS 5.3
CVE-2026-5602
MEDIUM
Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection
CVSS 5.3
CVE-2026-5547
MEDIUM
Tenda AC10 httpd formAddMacfilterRule os command injection
CVSS 6.3
CVE-2026-5532
MEDIUM
ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection
CVSS 6.3
CVE-2026-5528
MEDIUM
MoussaabBadla code-screenshot-mcp HTTP os command injection
CVSS 6.3
CVE-2026-35558
HIGH
Improper neutralization of special elements in authentication components in Amazon Athena ODBC driver
CVSS 7.8
CVE-2026-5463
HIGH
pymetasploit3 < 1.0.6 - Command Injection via Newline in Module Options
CVSS 8.6
CVE-2026-5355
MEDIUM
Trendnet TEW-657BRM setup.cgi vpn_drop os command injection
CVSS 6.3
CVE-2026-5354
MEDIUM
Trendnet TEW-657BRM setup.cgi vpn_connect os command injection
CVSS 6.3
CVE-2026-5353
MEDIUM
Trendnet TEW-657BRM setup.cgi ping_test os command injection
CVSS 6.3
CVE-2026-5352
MEDIUM
Trendnet TEW-657BRM setup.cgi edit os command injection
CVSS 6.3
CVE-2026-5351
MEDIUM
Trendnet TEW-657BRM setup.cgi add_wps_client os command injection
CVSS 6.3
CVE-2026-5339
MEDIUM
Tenda G103 Setting gpon.lua action_set_net_settings command injection
CVSS 4.7
CVE-2026-5338
MEDIUM
Tenda G103 Setting system.lua action_set_system_settings command injection
CVSS 4.7
CVE-2026-5333
HIGH
DefaultFuction Content-Management-System tools.php command injection
CVSS 7.3
CVE-2026-5327
MEDIUM
efforthye fast-filesystem-mcp index.ts handleGetDiskUsage command injection
CVSS 6.3
CVE-2026-20096
MEDIUM
Cisco Integrated Management Controller Command Injection Vulnerability
CVSS 6.5
CVE-2026-20095
MEDIUM
Cisco Integrated Management Controller Command Injection Vulnerability
CVSS 6.5
CVE-2026-20094
HIGH
Cisco Integrated Management Controller Command Injection Vulnerability
CVSS 8.8
CVE-2026-34243
CRITICAL
wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`
CVSS 9.8
CVE-2026-30310
CRITICAL
Sixth - Arbitrary Command Execution via Prompt Injection
CVSS 9.8
CVE-2026-4399
HIGH
1millionbot Millie Chatbot 3.6.0 - Boolean Prompt Injection
CVSS 7.5
CVE-2026-5184
MEDIUM
TRENDnet TEW-713RE setSysAdm command injection
CVSS 6.3
CVE-2026-5183
MEDIUM
TRENDnet TEW-713RE addRouting sub_421494 command injection
CVSS 6.3
Details
Vulnerabilities
3,553
Exploit Likelihood
High