CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,553 vulnerabilities with CWE-77
CVE-2026-4199 MEDIUM
bazinga012 mcp_code_executor index.ts installDependencies command injection
CVSS 5.3
CVE-2026-4198 MEDIUM
mcp-server-auto-commit 1.0.0 - Command Injection
CVSS 5.3
CVE-2026-4197 MEDIUM
D-Link DNS-1550-04 download_mgr.cgi RSS_Item_List command injection
CVSS 6.3
CVE-2026-4196 MEDIUM
D-Link DNS-1550-04 remote_backup.cgi cgi_set_rsync_server command injection
CVSS 6.3
CVE-2026-4195 MEDIUM
D-Link DNS-1550-04 wizard_mgr.cgi command injection
CVSS 6.3
CVE-2026-4192 MEDIUM
quip-mcp-server 1.0.0 - Command Injection
CVSS 6.3
CVE-2026-4170 CRITICAL
Topsec TopACM HTTP Request nmc_sync.php os command injection
CVSS 9.8
CVE-2026-4164 CRITICAL
Wavlink WL-WN578W2 221110 - Command Injection
CVSS 9.8
CVE-2026-4163 CRITICAL
Wavlink WL-WN579A3 220323 - Command Injection
CVSS 9.8
CVE-2026-26133 HIGH
M365 Copilot Information Disclosure Vulnerability
CVSS 7.1
CVE-2026-26793 CRITICAL
GL-iNet GL-AR300M16 v4.3.11 - Command Injection
CVSS 9.8
CVE-2026-26795 CRITICAL
GL-iNet GL-AR300M16 v4.3.11 - Command Injection
CVSS 9.8
CVE-2026-26792 CRITICAL
GL-iNet GL-AR300M16 v4.3.11 - Command Injection
CVSS 9.8
CVE-2026-26791 CRITICAL
GL-iNet GL-AR300M16 v4.3.11 - Command Injection
CVSS 9.8
CVE-2026-3964 MEDIUM
OpenAkita <1.24.3 - Command Injection
CVSS 5.3
CVE-2026-3959 MEDIUM
0xKoda WireMCP - OS Command Injection in Tshark CLI Command Handler
CVSS 5.3
CVE-2026-20163 HIGH
Splunk Enterprise <10.2.0 - Command Injection
CVSS 7.2
CVE-2026-32063 HIGH
OpenClaw <2026.2.21 - Command Injection
CVSS 7.1
CVE-2026-3943 HIGH
H3C ACG1000-AK230 <=20260227 - Command Injection
CVSS 7.3
CVE-2026-23815 HIGH
AOS-CX Switches CLI - Command Injection
CVSS 7.2
CVE-2026-23814 HIGH
HPE AOS-CX 10.10.0000-10.10.1169 10.13.0000-10.13.1100 10.16.0000-10.16.1019 10.17.0000 Authenticated Command Injection
CVSS 8.8
CVE-2026-3854 HIGH
GitHub Enterprise Server RCE via Git Push Option Injection
CVSS 8.8
CVE-2026-3813 MEDIUM
opencc JFlow - Injection in WF_CCForm Calculate Function
CVSS 6.3
CVE-2026-3798 MEDIUM
Comfast CF-AC100 2.6.0.8 - Command Injection
CVSS 4.7
CVE-2026-3704 MEDIUM
Wavlink NU516U1 251208 - Command Injection
CVSS 4.7
Details
Vulnerabilities 3,553
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits