CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,332 vulnerabilities with CWE-77
CVE-2026-5741
HIGH
suvarchal docker-mcp-server HTTP index.ts pull_image os command injection
CVSS 7.3
CVE-2026-35580
CRITICAL
Emissary has GitHub Actions Shell Injection via Workflow Inputs
CVSS 9.1
CVE-2026-5692
HIGH
Totolink A7100RU cstecgi.cgi setGameSpeedCfg os command injection
CVSS 7.3
CVE-2026-5691
HIGH
Totolink A7100RU cstecgi.cgi setFirewallType os command injection
CVSS 7.3
CVE-2026-5690
HIGH
Totolink A7100RU cstecgi.cgi setRemoteCfg os command injection
CVSS 7.3
CVE-2026-5689
HIGH
Totolink A7100RU cstecgi.cgi setNtpCfg os command injection
CVSS 7.3
CVE-2026-5688
HIGH
Totolink A7100RU cstecgi.cgi setDdnsCfg os command injection
CVSS 7.3
CVE-2026-5679
MEDIUM
Totolink A3300R cstecgi.cgi vsetTr069Cfg os command injection
CVSS 5.5
CVE-2026-5678
HIGH
Totolink A7100RU cstecgi.cgi setScheduleCfg os command injection
CVSS 7.3
CVE-2026-5677
HIGH
Totolink A7100RU cstecgi.cgi CsteSystem os command injection
CVSS 7.3
CVE-2026-5663
HIGH
OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy os command injection
CVSS 7.3
CVE-2026-31059
CRITICAL
UTT Aggressive HiPER 520W v3v1.7.7-180627 - RCE
CVSS 9.8
CVE-2026-5621
MEDIUM
ChrisChinchilla Vale-MCP HTTP index.ts os command injection
CVSS 5.3
CVE-2026-5619
MEDIUM
Braffolk mcp-summarization-functions summarize_command mcp-server.ts os command injection
CVSS 5.3
CVE-2026-5603
MEDIUM
elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection
CVSS 5.3
CVE-2026-5602
MEDIUM
Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection
CVSS 5.3
CVE-2026-5547
MEDIUM
Tenda AC10 httpd formAddMacfilterRule os command injection
CVSS 6.3
CVE-2026-5532
MEDIUM
ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection
CVSS 6.3
CVE-2026-5528
MEDIUM
MoussaabBadla code-screenshot-mcp HTTP os command injection
CVSS 6.3
CVE-2026-35558
HIGH
Improper neutralization of special elements in authentication components in Amazon Athena ODBC driver
CVSS 7.8
CVE-2026-5463
HIGH
DAN Mcinerney Pymetasploit3 < 1.0.6 - Command Injection
CVSS 8.6
CVE-2026-5355
MEDIUM
Trendnet TEW-657BRM setup.cgi vpn_drop os command injection
CVSS 6.3
CVE-2026-5354
MEDIUM
Trendnet TEW-657BRM setup.cgi vpn_connect os command injection
CVSS 6.3
CVE-2026-5353
MEDIUM
Trendnet TEW-657BRM setup.cgi ping_test os command injection
CVSS 6.3
CVE-2026-5352
MEDIUM
Trendnet TEW-657BRM setup.cgi edit os command injection
CVSS 6.3
Details
Vulnerabilities
3,332
Exploit Likelihood
High