CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,553 vulnerabilities with CWE-77
CVE-2026-4537 MEDIUM
Cudy TR1200 ipsec.lua action_ipsec_conn command injection
CVSS 4.7
CVE-2026-32052 MEDIUM
OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers
CVSS 6.4
CVE-2026-4499 HIGH
D-Link DIR-820LW SSDP ssdpcgi_main os command injection
CVSS 7.3
CVE-2026-4497 HIGH
Totolink WA300 cstecgi.cgi recvUpgradeNewFw os command injection
CVSS 7.3
CVE-2026-4496 MEDIUM
sigmade Git-MCP-Server gitUtils.ts child_process.exec os command injection
CVSS 5.3
CVE-2026-4468 MEDIUM
Comfast CF-AC100 mbox-config command injection
CVSS 4.7
CVE-2026-4467 MEDIUM
Comfast CF-AC100 mbox-config command injection
CVSS 4.7
CVE-2026-4466 MEDIUM
Comfast CF-AC100 mbox-config command injection
CVSS 4.7
CVE-2026-4465 MEDIUM
D-Link DIR-513 formSysCmd os command injection
CVSS 6.3
CVE-2026-32194 CRITICAL
Microsoft Bing Images Remote Code Execution Vulnerability
CVSS 9.8
CVE-2026-32622 HIGH
SQLBot: Remote Code Execution via Terminology Poisoning
CVE-2026-26136 MEDIUM
Microsoft Copilot Information Disclosure Vulnerability
CVSS 6.5
CVE-2026-24299 MEDIUM
M365 Copilot Information Disclosure Vulnerability
CVSS 5.3
CVE-2026-22317 HIGH
Phoenix Contact FL SWITCH and FL NAT < 3.53 - Root CA Transfer Command Injection
CVSS 7.2
CVE-2026-27811 HIGH
Roxy-WI <8.2.6.3 Config Compare - Authenticated Command Injection
CVSS 8.8
CVE-2026-4253 MEDIUM
Tenda AC8 Web UploadCfg route_set_user_policy_rule os command injection
CVSS 4.7
CVE-2026-23862 HIGH
Dell ThinOS 10 < 2602_10.0573_T10 - Authenticated Command Injection
CVSS 7.8
CVE-2026-4228 MEDIUM
LB-LINK BL-WR9000 set_wifi sub_458754 command injection
CVSS 6.3
CVE-2026-4210 MEDIUM
D-Link DNS-1550-04 time_machine.cgi cgi_tm_set_share command injection
CVSS 6.3
CVE-2026-4209 MEDIUM
D-Link DNS-1550-04 account_mgr.cgi cgi_chg_admin_pw command injection
CVSS 6.3
CVE-2026-4207 MEDIUM
D-Link DNS-1550-04 system_mgr.cgi cgi_ntp_time command injection
CVSS 6.3
CVE-2026-4206 MEDIUM
D-Link DNS-1550-04 dsk_mgr.cgi ScanDisk_run_e2fsck command injection
CVSS 6.3
CVE-2026-4205 MEDIUM
D-Link DNS-1550-04 app_mgr.cgi FTP_Server_BlockIP_Del command injection
CVSS 6.3
CVE-2026-4204 MEDIUM
D-Link DNS-1550-04 gui_mgr.cgi cgi_mycloud_auto_downlaod command injection
CVSS 6.3
CVE-2026-4203 MEDIUM
D-Link DNS-1550-04 network_mgr.cgi cgi_dhcpd command injection
CVSS 6.3