CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,946 vulnerabilities with CWE-78
CVE-2026-8190 MEDIUM
Wavlink NU516U1 adm.cgi wan os command injection
CVSS 6.3
CVE-2026-8189 MEDIUM
Wavlink NU516U1 adm.cgi wzdrepeater os command injection
CVSS 6.3
CVE-2026-8188 MEDIUM
Wavlink NU516U1 adm.cgi change_wifi_password os command injection
CVSS 6.3
CVE-2026-3828 HIGH
Hikvision DS-3E1310P-SI - Authenticated RCE
CVSS 7.2
CVE-2026-44656 MEDIUM
Vim path Completion - OS Command Injection
CVSS 5.3
CVE-2026-42454 CRITICAL
Termix: OS Command Injection in Docker Container Management Endpoints
CVSS 9.9
CVE-2026-42307 MEDIUM
Vim netrw - OS Command Injection
CVSS 4.4
CVE-2026-41497 CRITICAL
Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI
CVSS 9.8
CVE-2026-8153 CRITICAL
Command injection in Dashboard Server interface
CVSS 9.8
CVE-2026-43943 HIGH
electerm: RCE via malicious SSH server filename in openFileWithEditor
CVSS 7.8
CVE-2026-42271 HIGH KEV
LiteLLM: Authenticated command execution via MCP stdio test endpoints
CVSS 8.8
CVE-2026-41900 HIGH
OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment
CVSS 8.8
CVE-2026-8112 MEDIUM
8421bit MiniClaw kernel.ts executeCognitivePulse os command injection
CVSS 6.3
CVE-2026-42215 HIGH
GitPython: Command injection via Git options bypass
CVSS 8.8
CVE-2026-31196 HIGH
ALTICE LABS GR140DG/GR140IG - Command Injection
CVSS 8.8
CVE-2026-31195 HIGH
ALTICE LABS GR140DG/GR140IG - Command Injection
CVSS 8.8
CVE-2026-36356 CRITICAL
MeiG Smart FORGE_SLT711 MDM9607.LE.1.0-00110 - Command Injection
CVSS 9.1
CVE-2026-7823 CRITICAL
Totolink A8000RU cstecgi.cgi setAppFilterCfg os command injection
CVSS 9.8
CVE-2026-7785 HIGH
A-G-U-P-T-A wireshark-mcp pyshark_mcp.py quick_capture os command injection
CVSS 7.3
CVE-2026-41926 CRITICAL
WDR201A WiFi Extender OS Command Injection via firewall.cgi
CVE-2026-41925 CRITICAL
WDR201A WiFi Extender OS Command Injection via adm.cgi (reboot_time)
CVE-2026-41924 CRITICAL
WDR201A WiFi Extender OS Command Injection via makeRequest.cgi
CVE-2026-41923 CRITICAL
WDR201A WiFi Extender OS Command Injection via internet.cgi
CVE-2026-41922 CRITICAL
WDR201A WiFi Extender OS Command Injection via wireless.cgi
CVE-2026-42076 CRITICAL
Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution
CVSS 9.8