CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,553 vulnerabilities with CWE-77
CVE-2026-2135 MEDIUM
UTT HiPER 810 1.7.4-141218 - OS Command Injection via formPdbUpConfig policyNames Argument
CVSS 6.3
CVE-2026-2131 MEDIUM
XixianLiang HarmonyOS-mcp-server <0.1.0 - Command Injection
CVSS 6.3
CVE-2026-2130 MEDIUM
mcp-maigret < 1.0.13 - Command Injection via Username Argument
CVSS 6.3
CVE-2026-2129 HIGH
D-Link DIR-823X 250416 - OS Command Injection via ac_ipaddr/ac_ipstatus/ap_randtime Parameters
CVSS 7.2
CVE-2026-2120 HIGH
D-Link DIR-823X 250416 - OS Command Injection via Configuration Parameter Handler
CVSS 7.2
CVE-2026-2118 HIGH
UTT HiPER 810 1.7.4-141218 - OS Command Injection via Isp_Name Argument
CVSS 7.2
CVE-2026-2085 HIGH
D-Link DWR-M921 1.1.50 - Command Injection
CVSS 7.2
CVE-2026-2084 HIGH
D-Link DIR-823X - Command Injection
CVSS 7.2
CVE-2026-2082 MEDIUM
D-Link DIR-823X - Command Injection
CVSS 4.7
CVE-2026-2081 MEDIUM
D-Link DIR-823X - Command Injection
CVSS 4.7
CVE-2026-2080 HIGH
UTT HiPER 810 <1.7.4-141218 - Command Injection
CVSS 7.2
CVE-2026-2063 MEDIUM
D-Link DIR-823X 250416 - Command Injection
CVSS 4.7
CVE-2026-2061 MEDIUM
D-Link DIR-823X - Command Injection
CVSS 4.7
CVE-2026-2000 MEDIUM
DCN DCME-320 <20260121 - Command Injection
CVSS 4.7
CVE-2026-1802 HIGH
Ziroom ZHOME A0101 1.0.1.0 - Command Injection
CVSS 7.3
CVE-2026-1735 MEDIUM
Yealink MeetingBar A30 133.321.0 - Command Injection
CVSS 4.3
CVE-2026-1690 MEDIUM
Tenda HG10 Firmware - OS Command Injection via sysCmd Parameter
CVSS 4.7
CVE-2026-1689 HIGH
Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon - OS Command Injection via Host Parameter
CVSS 7.3
CVE-2026-1687 HIGH
Tenda HG10 Firmware - OS Command Injection via Samba Server String Parameter
CVSS 7.3
CVE-2026-22623 HIGH
HIKSEMI HS-AFS-S1H1 >=V5.10.10_Build_251126 - Authenticated Command Injection
CVSS 7.2
CVE-2026-1638 MEDIUM
Tenda AC21 1.1.1.1 - Command Injection
CVSS 6.3
CVE-2026-25046 LOW
Kimi Agent SDK <0.1.6 - Command Injection
CVSS 2.9
CVE-2026-24905 HIGH
inspektor-gadget < 0.48.1 and < 0.51.1 - Command Injection via Unsafe Makefile Parameter Embedding
CVSS 7.8
CVE-2026-1625 MEDIUM
D-Link DWR-M961 1.1.47 - Command Injection
CVSS 6.3
CVE-2026-1624 MEDIUM
D-Link DWR-M961 1.1.47 - Command Injection
CVSS 6.3
Details
Vulnerabilities 3,553
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits