CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,551 vulnerabilities with CWE-77
CVE-2026-10873 HIGH
Shibby Tomato Web UI rstats rstats_path os command injection
CVSS 7.2
CVE-2026-10872 HIGH
Shibby Tomato Web UI rc start_vpnserver os command injection
CVSS 7.2
CVE-2026-10871 HIGH
Shibby Tomato Web UI rc start_6rd_tunnel os command injection
CVSS 7.2
CVE-2026-10870 HIGH
Shibby Tomato Web UI rc start_dhcpc os command injection
CVSS 7.2
CVE-2026-8037 CRITICAL
Progress ADC Products - Unauthenticated OS Command Injection
CVSS 9.6
CVE-2026-10550 MEDIUM
elunez eladmin Application Deployment App.java command injection
CVSS 6.3
CVE-2026-10279 MEDIUM
hiraishikentaro wezterm-mcp 0.1.0 - OS Command Injection via Pane ID Argument
CVSS 6.3
CVE-2026-10273 HIGH
php-censor Webhook Endpoint GitBuild.php os command injection
CVSS 7.3
CVE-2026-10219 HIGH
nextlevelbuilder GoClaw write_file Tool fsbridge.go FsBridge.WriteFile os command injection
CVSS 7.3
CVE-2026-10214 HIGH
zhayujie chatgpt-on-wechat Bash Tool bash.py _get_safety_warning os command injection
CVSS 7.3
CVE-2026-10182 MEDIUM
TRENDnet TEW-432BRP formWlanSetup command injection
CVSS 6.3
CVE-2026-10180 MEDIUM
TRENDnet TEW-432BRP formSysCmd command injection
CVSS 6.3
CVE-2026-10166 MEDIUM
Edimax BR-6478AC POST Request formWlbasic command injection
CVSS 6.3
CVE-2026-10127 MEDIUM
Edimax BR-6478AC POST Request formStaDrvSetup command injection
CVSS 6.3
CVE-2026-45628 CRITICAL
Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline
CVSS 9.6
CVE-2026-45663 CRITICAL
Dokploy: Remote Code Execution via destinationPath in Container File Upload
CVSS 9.9
CVE-2026-10061 MEDIUM
TRENDnet TEW-432BRP formWPS command injection
CVSS 6.3
CVE-2026-10060 MEDIUM
TRENDnet TEW-432BRP formSetRoute command injection
CVSS 6.3
CVE-2026-49199 CRITICAL
Predator Connect W6x: RCE via MQTT
CVSS 9.8
CVE-2026-49196 HIGH
Predator Connect W6x: Web Interface Command Injection
CVSS 7.2
CVE-2026-48116 HIGH
AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill
CVSS 7.5
CVE-2026-38707 CRITICAL
InHand Networks IR302 V3.5.108 IR305 IR315 IR615 <= V1.0.118 - Command Injection in IPSec VPN Feature
CVSS 9.8
CVE-2026-38704 CRITICAL
InHand Networks IR302 V3.5.108, IR305/315/615 V1.0.118 - WireGuard VPN Command Injection
CVSS 9.8
CVE-2026-38703 CRITICAL
InHand Networks IR302 V3.5.108 IR305 IR315 IR615 <= V1.0.118 - Command Injection via ZeroTier VPN Feature
CVSS 9.8
CVE-2026-38702 CRITICAL
InHand Networks IR302 V3.5.108, IR305/IR315/IR615 V1.0.118 - Command Injection
CVSS 9.8
Details
Vulnerabilities 3,551
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits