CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,331 vulnerabilities with CWE-77
CVE-2026-7039 HIGH
tufantunc ssh-mcp index.ts shell.write command injection
CVSS 7.8
CVE-2026-7037 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setVpnPassCfg os command injection
CVSS 9.8
CVE-2026-6992 HIGH
Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection
CVSS 7.2
CVE-2026-6989 MEDIUM
Tenda F453 Telnet Service telnet TendaTelnet command injection
CVSS 6.3
CVE-2026-6987 HIGH
PicoClaw Web Launcher Management Plane restart command injection
CVSS 7.3
CVE-2026-6980 HIGH
Divyanshu-hash GitPilot-MCP main.py repo_path command injection
CVSS 7.3
CVE-2026-41265 CRITICAL
Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
CVE-2026-31173 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31169 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31168 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31167 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31166 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31163 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31162 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31179 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31176 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31175 CRITICAL
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 9.8
CVE-2026-31174 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31172 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31171 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31165 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31164 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31160 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-31159 MEDIUM
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 6.5
CVE-2026-41304 HIGH
WWBN AVideo vulnerable to RCE caused by clonesite plugin
Details
Vulnerabilities 3,331
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits