CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,667 vulnerabilities with CWE-78
CVE-2026-30312 CRITICAL
DSAI-Cline - OS Command Injection via Newline Whitelist Bypass
CVSS 9.8
CVE-2026-30311 CRITICAL
Ridvay Auto-approval Module < 0.1.1 - Remote Code Execution
CVSS 9.8
CVE-2026-30309 HIGH
InfCode - Arbitrary Command Execution via PowerShell Blacklist Bypass
CVSS 7.8
CVE-2026-0596 HIGH
Command Injection in mlflow/mlflow
CVSS 7.8
CVE-2026-32917 CRITICAL
OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP
CVSS 9.8
CVE-2026-30880 CRITICAL
baserCMS: OS command injection vulnerability in installer
CVSS 9.8
CVE-2026-30877 CRITICAL
baserCMS: OS Command Injection in the baserCMS Update Functionality
CVSS 9.1
CVE-2026-21861 CRITICAL
baserCMS: OS Command Injection Leading to Remote Code Execution (RCE)
CVSS 9.1
CVE-2026-34714 CRITICAL
Vim <9.2.0272 - Code Injection
CVSS 9.2
CVE-2026-5125 MEDIUM
raine consult-llm-mcp server.ts child_process.execSync os command injection
CVSS 5.3
CVE-2026-33030 HIGH
Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys
CVSS 8.8
CVE-2026-5101 MEDIUM
Totolink A3300R Parameter cstecgi.cgi setLanCfg command injection
CVSS 6.3
CVE-2026-4946 HIGH
NSA Ghidra Auto-Analysis Annotation Command Execution
CVSS 8.8
CVE-2026-34005 HIGH
Xiongmai Dvr/nvr Devices < 4.03.R11 - Command Injection
CVSS 8.8
CVE-2026-5023 MEDIUM
DeDeveloper23 codebase-mcp RepoMix codebase.ts saveCodebase os command injection
CVSS 5.3
CVE-2026-5012 HIGH
elecV2 elecV2P rpc pm2run os command injection
CVSS 7.3
CVE-2026-5007 MEDIUM
kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection
CVSS 5.3
CVE-2026-33874 HIGH
Authenticator vulnerable to Remote Code Execution
CVSS 7.8
CVE-2026-33765 CRITICAL
Pi-hole Web Interface has a Command Injection Vulnerability
CVSS 9.8
CVE-2026-34387 CRITICAL
Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts
CVSS 9.8
CVE-2026-30302 CRITICAL
CodeRider-Kilo - Command Injection via Auto-Approval Module
CVSS 10.0
CVE-2026-30303 CRITICAL
Axon Code - Command Injection via Auto-Approval Module
CVSS 9.8
CVE-2026-4622 CRITICAL
NEC Platforms, Ltd. Aterm Wg2600hs < Before Ver. 1.7.2 - Command Injection
CVSS 9.8
CVE-2026-4620 CRITICAL
NEC Platforms, Ltd. Aterm Wx1500hp < Before Ver. 1.4.2 - Command Injection
CVSS 9.8
CVE-2026-27650 CRITICAL
Buffalo Inc. Buffalo Wi-fi Router Products - Command Injection
CVSS 9.8