CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,552 vulnerabilities with CWE-77
CVE-2026-9385 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setTracerouteCfg os command injection
CVSS 9.8
CVE-2026-9384 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setDiagnosisCfg os command injection
CVSS 9.8
CVE-2026-9379 MEDIUM
Edimax BR-6675nD POST Request formWpsStart command injection
CVSS 6.3
CVE-2026-9378 MEDIUM
Edimax BR-6675nD POST Request formHwSet command injection
CVSS 6.3
CVE-2026-9367 HIGH
NousResearch hermes-agent terminal_tool approval.py detect_dangerous_command os command injection
CVSS 7.3
CVE-2026-9363 MEDIUM
Edimax EW-7438RPn POST Request formEZCHNwlanSetu formEZCHNwlanSetup command injection
CVSS 6.3
CVE-2026-9362 MEDIUM
Edimax EW-7438RPn Setting formConnectionSetting command injection
CVSS 6.3
CVE-2026-9361 MEDIUM
Edimax EW-7438RPn POST Request formAccep formAccept command injection
CVSS 6.3
CVE-2026-9359 MEDIUM
Edimax EW-7438RPn POST Request formHwSet command injection
CVSS 6.3
CVE-2026-9347 MEDIUM
Edimax EW-7438RPn webs formWizSurvey os command injection
CVSS 6.3
CVE-2026-9343 MEDIUM
Edimax EW-7438RPn webs formWpsStart os command injection
CVSS 6.3
CVE-2026-9297 MEDIUM
Edimax BR-6428NS POST Request formWlbasic command injection
CVSS 6.3
CVE-2026-9296 MEDIUM
Edimax BR-6428NS POST Request formWlanM system command injection
CVSS 6.3
CVE-2026-42827 MEDIUM
M365 Copilot Information Disclosure Vulnerability
CVSS 6.5
CVE-2026-41090 CRITICAL
Microsoft Copilot Tampering Vulnerability
CVSS 9.3
CVE-2026-23652 CRITICAL
Microsoft Power Pages Remote Code Execution Vulnerability
CVSS 10.0
CVE-2026-9277 HIGH
shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`
CVSS 8.1
CVE-2026-2740 HIGH
ManageEngine ADSelfService Plus <6525, DataSecurity Plus <6264, RecoveryManager Plus <6313 - RCE
CVSS 8.4
CVE-2026-42000 MEDIUM
PowerDNS Authoritative 4.9.0-4.9.14 and 5.0.0-5.0.4 - Command Injection via AXFR Name Validation
CVSS 6.8
CVE-2026-8632 HIGH
HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution
CVSS 7.8
CVE-2026-35070 MEDIUM
Dell SmartFabric Storage Software < 1.4.5 or later - Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVSS 6.4
CVE-2026-45585 MEDIUM
Microsoft Windows 11 Version 24H2 - Windows BitLocker Security Feature Bypass Vulnerability
CVSS 6.8
CVE-2026-8777 MEDIUM
Edimax BR-6428NS POST Request formStaDrvSetup command injection
CVSS 6.3
CVE-2026-8774 MEDIUM
Edimax BR-6228NC POST Request mp command injection
CVSS 6.3
CVE-2026-8767 MEDIUM
vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection
CVSS 5.0