CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,666 vulnerabilities with CWE-78
CVE-2026-7593
HIGH
Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection
CVSS 7.3
CVE-2026-7590
HIGH
eyal-gor p_69_branch_monkey_mcp Preview Endpoint advanced.py os command injection
CVSS 7.3
CVE-2026-42994
HIGH
Bitwarden CLI 2026.4.0 - Supply Chain Attack
CVE-2026-7538
CRITICAL
Totolink A8000RU CGI cstecgi.cgi vulnerability os command injection
CVSS 9.8
CVE-2026-7551
HIGH
HKUDS OpenHarness Remote Command Execution via /bridge Slash Command
CVSS 8.8
CVE-2026-7461
HIGH
OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials
CVSS 7.2
CVE-2026-7446
HIGH
VetCoders mcp-server-semgrep MCP index.ts create_rule os command injection
CVSS 7.3
CVE-2026-7443
HIGH
BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection
CVSS 7.3
CVE-2026-7416
HIGH
PolarVista xcode-mcp-server MCP index.ts run_tests os command injection
CVSS 7.3
CVE-2026-6849
HIGH
OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer
CVSS 8.8
CVE-2026-7244
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiEasyGuestCfg os command injection
CVSS 9.8
CVE-2026-7243
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setRadvdCfg os command injection
CVSS 9.8
CVE-2026-7242
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setOpenVpnClientCfg os command injection
CVSS 9.8
CVE-2026-7241
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiBasicCfg os command injection
CVSS 9.8
CVE-2026-7240
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setVpnAccountCfg os command injection
CVSS 9.8
CVE-2026-7220
HIGH
jackwrichards FastlyMCP fastly_cli Tool fastly-mcp.mjs os command injection
CVSS 7.3
CVE-2026-1460
HIGH
Zyxel DX3301-T0 Firmware < 5.50(ABVY.7.1)C0 - Command Injection
CVSS 7.2
CVE-2026-0711
MEDIUM
Zyxel DX3300-T0 Firmware < 5.50(ABVY.7.1)C0 - Command Injection
CVSS 6.8
CVE-2026-7204
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection
CVSS 9.8
CVE-2026-7203
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection
CVSS 9.8
CVE-2026-7202
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection
CVSS 9.8
CVE-2026-32649
MEDIUM
Milesight Cameras OS Command Injection
CVSS 6.8
CVE-2026-7156
CRITICAL
Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection
CVSS 9.8
CVE-2026-7155
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setLoginPasswordCfg os command injection
CVSS 9.8
CVE-2026-7154
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setAdvancedInfoShow os command injection
CVSS 9.8
Details
Vulnerabilities
5,666
Exploit Likelihood
High