CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,552 vulnerabilities with CWE-77
CVE-2026-8189
MEDIUM
Wavlink NU516U1 adm.cgi wzdrepeater os command injection
CVSS 6.3
CVE-2026-8188
MEDIUM
Wavlink NU516U1 adm.cgi change_wifi_password os command injection
CVSS 6.3
CVE-2026-42453
HIGH
Termix: Command injection in extractArchive/compressFiles via double-quote escaping bypass
CVE-2026-41497
CRITICAL
Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI
CVSS 9.8
CVE-2026-42271
HIGH
KEV
LiteLLM: Authenticated command execution via MCP stdio test endpoints
CVSS 8.8
CVE-2026-41501
CRITICAL
electerm has Command Injection Vulnerability via runLinux function
CVSS 9.8
CVE-2026-41500
CRITICAL
electerm has Command Injection Vulnerability via runMac function
CVSS 9.8
CVE-2026-8112
MEDIUM
8421bit MiniClaw kernel.ts executeCognitivePulse os command injection
CVSS 6.3
CVE-2026-35428
CRITICAL
Azure Cloud Shell Spoofing Vulnerability
CVSS 9.6
CVE-2026-33111
HIGH
Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
CVSS 7.5
CVE-2026-20169
MEDIUM
Cisco IoT Field Network Director Command Injection Vulnerability
CVSS 6.4
CVE-2026-40068
HIGH
Claude Code arbitrary code execution via git worktree commondir trust dialog bypass
CVSS 8.8
CVE-2026-7833
HIGH
EFM ipTIME C200 ApplyRestore Endpoint iux_set.cgi sub_408F90 command injection
CVSS 7.2
CVE-2026-7823
CRITICAL
Totolink A8000RU cstecgi.cgi setAppFilterCfg os command injection
CVSS 9.8
CVE-2026-7812
HIGH
54yyyu code-mcp MCP Tool server.py git_operation command injection
CVSS 7.3
CVE-2026-7785
HIGH
A-G-U-P-T-A wireshark-mcp pyshark_mcp.py quick_capture os command injection
CVSS 7.3
CVE-2026-36365
HIGH
Lymphatus caesium-image-compressor - Code Injection
CVSS 7.8
CVE-2026-7730
MEDIUM
privsim mcp-test-runner MCP index.ts child_process.spawn os command injection
CVSS 6.3
CVE-2026-7721
MEDIUM
Totolink WA300 cstecgi.cgi NTPSyncWithHost command injection
CVSS 6.3
CVE-2026-7720
MEDIUM
Totolink WA300 POST Request cstecgi.cgi setLanguageCfg command injection
CVSS 6.3
CVE-2026-7718
MEDIUM
Totolink WA300 POST Request cstecgi.cgi setWebWlanIdx command injection
CVSS 6.3
CVE-2026-7705
MEDIUM
JD Cloud JDCOS Service jdcap set_iptv_info command injection
CVSS 6.3
CVE-2026-7698
HIGH
Tiandy Easy7 Integrated Management Platform updateDbBackupInfo os command injection
CVSS 7.3
CVE-2026-7692
MEDIUM
Wavlink WL-WN570HA1 adm.cgi ping_ddns command injection
CVSS 6.3
CVE-2026-7691
MEDIUM
Wavlink WL-WN570HA1 adm.cgi set_sys_cmd command injection
CVSS 6.3
Details
Vulnerabilities
3,552
Exploit Likelihood
High