CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,314 vulnerabilities with CWE-78
CVE-2026-3696 HIGH
Totolink N300RH 6..1c.1353_B20190305 - Command Injection
CVSS 7.3
CVE-2026-30861 CRITICAL
WeKnora 0.2.5-0.2.10 - RCE
CVSS 9.9
CVE-2026-25070
XikeStor SKS8310-8X <1.04.B07 - Command Injection
CVE-2026-29783
GitHub Copilot CLI <=0.0.422 - Code Injection
CVE-2026-29058 CRITICAL
AVideo <7.0 - Command Injection
CVSS 9.8
CVE-2026-28507
Idno <1.6.4 - RCE
CVE-2026-28463 HIGH
OpenClaw - Info Disclosure
CVSS 8.4
CVE-2026-28287 HIGH
FreePBX 16.0.17.2-16.0.19 & 17.0.2.4-17.0.4 - Command Injection
CVSS 8.8
CVE-2026-28209 HIGH
FreePBX 16.0.17.2-16.0.19 & 17.0.2.4-17.0.4 - Command Injection
CVSS 7.2
CVE-2026-20008 MEDIUM
Cisco ASA/FTD - Command Injection
CVSS 6.0
CVE-2026-26478 CRITICAL
Mobvoi Tichome Mini - Command Injection
CVSS 9.8
CVE-2025-59783 HIGH
2N Access Commander 3.4.1 - Command Injection
CVSS 7.2
CVE-2026-27441 CRITICAL
SEPPmail Secure Email Gateway <15.0.1 - Command Injection
CVSS 9.8
CVE-2026-28774
IDC SFX Series SuperFlex 101 - Command Injection
CVE-2026-28773
IDC SFX Series 101 - Command Injection
CVE-2026-26279 CRITICAL
Froxlor <2.3.4 - Command Injection
CVSS 9.1
CVE-2026-3485 CRITICAL
D-Link DIR-868L 110b03 - Command Injection
CVSS 9.8
CVE-2025-13688 MEDIUM
IBM DataStage 5.1.2-5.3.0 - Command Injection
CVSS 6.3
CVE-2025-13687 MEDIUM
IBM DataStage 5.1.2-5.3.0 - Command Injection
CVSS 6.3
CVE-2025-13686 MEDIUM
IBM DataStage 5.1.2-5.3.0 - Command Injection
CVSS 6.3
CVE-2024-55021 HIGH
Weintek cMT-3072XH2 v2.1.53 - Auth Bypass
CVSS 7.5
CVE-2024-55020 CRITICAL
Weintek cMT-3072XH2 v2.1.53 - Command Injection
CVSS 9.8
CVE-2025-67840 HIGH
Cohesity TranZman 4.0-SEP2025 - Command Injection
CVSS 7.2
CVE-2025-63911 HIGH
Cohesity TranZman 4.0 Build 14614 - Command Injection
CVSS 7.2
CVE-2026-0654 HIGH
TP-Link Deco BE25 v1.0-1.1.1 - Command Injection
CVSS 8.0
Details
Vulnerabilities 5,314
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits