CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,946 vulnerabilities with CWE-78
CVE-2026-7730 MEDIUM
privsim mcp-test-runner MCP index.ts child_process.spawn os command injection
CVSS 6.3
CVE-2026-42364 CRITICAL
GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability
CVSS 9.9
CVE-2026-7698 HIGH
Tiandy Easy7 Integrated Management Platform updateDbBackupInfo os command injection
CVSS 7.3
CVE-2026-7653 MEDIUM
r-huijts mcp-server-rijksmuseum MCP index.ts open_image_in_browser os command injection
CVSS 6.3
CVE-2026-7642 MEDIUM
pskill9 website-downloader MCP index.ts download_website os command injection
CVSS 6.3
CVE-2026-7609 MEDIUM
TRENDnet TEW-821DAP Firmware Update diagnostic tools_diagnostic os command injection
CVSS 6.3
CVE-2026-7608 MEDIUM
TRENDnet TEW-821DAP tools_diagnostic os command injection
CVSS 5.5
CVE-2026-7600 MEDIUM
ArtMin96 yii2-mcp-server MCP index.ts yii_execute_command os command injection
CVSS 6.3
CVE-2026-7593 HIGH
Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection
CVSS 7.3
CVE-2026-7590 HIGH
eyal-gor p_69_branch_monkey_mcp Preview Endpoint advanced.py os command injection
CVSS 7.3
CVE-2026-42994 CRITICAL
Bitwarden CLI 2026.4.0 - Supply Chain Attack
CVSS 9.8
CVE-2026-7538 CRITICAL
Totolink A8000RU CGI cstecgi.cgi vulnerability os command injection
CVSS 9.8
CVE-2026-7551 HIGH
HKUDS OpenHarness Remote Command Execution via /bridge Slash Command
CVSS 8.8
CVE-2026-7461 HIGH
OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials
CVSS 7.2
CVE-2026-7446 HIGH
VetCoders mcp-server-semgrep MCP index.ts create_rule os command injection
CVSS 7.3
CVE-2026-7443 HIGH
BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection
CVSS 7.3
CVE-2026-7416 HIGH
PolarVista xcode-mcp-server MCP index.ts run_tests os command injection
CVSS 7.3
CVE-2026-6849 HIGH
OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer
CVSS 8.8
CVE-2026-7244 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiEasyGuestCfg os command injection
CVSS 9.8
CVE-2026-7243 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setRadvdCfg os command injection
CVSS 9.8
CVE-2026-7242 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setOpenVpnClientCfg os command injection
CVSS 9.8
CVE-2026-7241 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiBasicCfg os command injection
CVSS 9.8
CVE-2026-7240 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setVpnAccountCfg os command injection
CVSS 9.8
CVE-2026-7220 HIGH
jackwrichards FastlyMCP fastly_cli Tool fastly-mcp.mjs os command injection
CVSS 7.3
CVE-2026-1460 HIGH
Zyxel DX3301-T0 & EX3301-T0 <= 5.50(ABVY.7.1)C0 Authenticated OS Command Injection via DHCP
CVSS 7.2