CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,552 vulnerabilities with CWE-77
CVE-2026-7690 MEDIUM
Wavlink WL-WN570HA1 adm.cgi set_sys_adm command injection
CVSS 6.3
CVE-2026-7687 MEDIUM
langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injection
CVSS 6.3
CVE-2026-7683 MEDIUM
Edimax BR-6428nC Web setWAN command injection
CVSS 6.3
CVE-2026-7682 MEDIUM
Edimax BR-6208AC L2TP Mode setWAN command injection
CVSS 6.3
CVE-2026-7653 MEDIUM
r-huijts mcp-server-rijksmuseum MCP index.ts open_image_in_browser os command injection
CVSS 6.3
CVE-2026-7642 MEDIUM
pskill9 website-downloader MCP index.ts download_website os command injection
CVSS 6.3
CVE-2026-7629 MEDIUM
kleneway awesome-cursor-mpc-server Ccode-Review Tool codeReview.ts runCodeReviewTool command injection
CVSS 6.3
CVE-2026-7628 MEDIUM
crazyrabbitLTC mcp-code-review-server RepoMix repomix.ts executeRepomix command injection
CVSS 6.3
CVE-2026-7609 MEDIUM
TRENDnet TEW-821DAP Firmware Update diagnostic tools_diagnostic os command injection
CVSS 6.3
CVE-2026-7608 MEDIUM
TRENDnet TEW-821DAP tools_diagnostic os command injection
CVSS 5.5
CVE-2026-7600 MEDIUM
ArtMin96 yii2-mcp-server MCP index.ts yii_execute_command os command injection
CVSS 6.3
CVE-2026-7593 HIGH
Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection
CVSS 7.3
CVE-2026-7590 HIGH
eyal-gor p_69_branch_monkey_mcp Preview Endpoint advanced.py os command injection
CVSS 7.3
CVE-2026-26461 MEDIUM
Aver PTC320UV2 0.1.0000.65 - Command Injection
CVSS 6.5
CVE-2026-7548 HIGH
Totolink NR1800X cstecgi.cgi sub_41A68C command injection
CVSS 8.8
CVE-2026-7538 CRITICAL
Totolink A8000RU CGI cstecgi.cgi vulnerability os command injection
CVSS 9.8
CVE-2026-7246 HIGH
Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
CVSS 7.2
CVE-2026-7469 MEDIUM
Tenda 4G300 DelFil sub_425A28 command injection
CVSS 6.3
CVE-2026-7446 HIGH
VetCoders mcp-server-semgrep MCP index.ts create_rule os command injection
CVSS 7.3
CVE-2026-7443 HIGH
BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection
CVSS 7.3
CVE-2026-7416 HIGH
PolarVista xcode-mcp-server MCP index.ts run_tests os command injection
CVSS 7.3
CVE-2026-26015 CRITICAL
Unauthenticated RCE in DocsGPT MCP STDIO Configuration
CVSS 9.8
CVE-2026-36841 CRITICAL
TOTOLINK N200RE V5 - Command Injection
CVSS 9.8
CVE-2026-7316 HIGH
eiliyaabedini aider-mcp code_with_ai aider_mcp.py command injection
CVSS 7.3
CVE-2026-7244 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiEasyGuestCfg os command injection
CVSS 9.8