CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,332 vulnerabilities with CWE-77
CVE-2026-5023 [MEDIUM, CVSS 5.3] DeDeveloper23 codebase-mcp RepoMix codebase.ts saveCodebase os command injection
CVE-2026-5020 [MEDIUM, CVSS 6.3] Totolink A3600R Parameter cstecgi.cgi setNoticeCfg command injection
CVE-2026-5012 [HIGH, CVSS 7.3] elecV2 elecV2P rpc pm2run os command injection
CVE-2026-5007 [MEDIUM, CVSS 5.3] kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection
CVE-2026-32241 [HIGH, CVSS 7.5] Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection
CVE-2026-4840 [HIGH, CVSS 8.8] Netcore Power 15AX Diagnostic Tool netis.cgi setTools os command injection
CVE-2026-4627 [HIGH, CVSS 7.2] D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection
CVE-2026-4611 [HIGH, CVSS 7.2] TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826 - Command Injection
CVE-2026-4591 [MEDIUM, CVSS 4.7] kalcaddle kodbox fileThumb Endpoint app.php checkBin os command injection
CVE-2026-4585 [CRITICAL, CVSS 9.8] Tiandy Easy7 Integrated Management Platform Configuration ImportSystemConfiguration.jsp os command injection
CVE-2026-4558 [HIGH, CVSS 8.8] Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection
CVE-2026-4554 [MEDIUM, CVSS 6.3] Tenda F453 WriteFacMac FormWriteFacMac privilege escalation
CVE-2026-4543 [MEDIUM, CVSS 6.3] Wavlink WL-WN578W2 POST Request firewall.cgi command injection
CVE-2026-4537 [MEDIUM, CVSS 4.7] Cudy TR1200 ipsec.lua action_ipsec_conn command injection
CVE-2026-32052 [MEDIUM, CVSS 6.4] OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers
CVE-2026-4499 [HIGH, CVSS 7.3] D-Link DIR-820LW SSDP ssdpcgi_main os command injection
CVE-2026-4497 [HIGH, CVSS 7.3] Totolink WA300 cstecgi.cgi recvUpgradeNewFw os command injection
CVE-2026-4496 [MEDIUM, CVSS 5.3] sigmade Git-MCP-Server gitUtils.ts child_process.exec os command injection
CVE-2026-4468 [MEDIUM, CVSS 4.7] Comfast CF-AC100 mbox-config command injection
CVE-2026-4467 [MEDIUM, CVSS 4.7] Comfast CF-AC100 mbox-config command injection
CVE-2026-4466 [MEDIUM, CVSS 4.7] Comfast CF-AC100 mbox-config command injection
CVE-2026-4465 [MEDIUM, CVSS 6.3] D-Link DIR-513 formSysCmd os command injection
CVE-2026-32194 [CRITICAL, CVSS 9.8] Microsoft Bing Images Remote Code Execution Vulnerability
CVE-2026-32622 [HIGH] SQLBot: Remote Code Execution via Terminology Poisoning
CVE-2026-26136 [MEDIUM, CVSS 6.5] Microsoft Copilot Information Disclosure Vulnerability