CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,948 vulnerabilities with CWE-78
CVE-2026-24893
HIGH
openITCOCKPIT has Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion
CVSS 8.8
CVE-2026-39808
CRITICAL
FortiSandbox 4.4.0-4.4.8 - OS Command Injection
CVSS 9.8
CVE-2026-40288
CRITICAL
PraisonAI: Critical RCE via `type: job` workflow YAML
CVSS 9.8
CVE-2026-39420
MEDIUM
MaxKB: Sandbox escape via LD_PRELOAD bypass
CVSS 6.3
CVE-2026-39417
MEDIUM
MaxKB: RCE via MCP stdio command injection in workflow engine
CVSS 4.6
CVE-2026-6195
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection
CVSS 9.8
CVE-2026-28291
HIGH
simple-git has Command Execution via Option-Parsing Bypass
CVSS 8.1
CVE-2026-34188
HIGH
OS Command Injection in Event Response Execution
CVSS 7.2
CVE-2026-30809
HIGH
OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution
CVSS 8.8
CVE-2026-30806
HIGH
OS Command Injection in Network Report leads to Remote Code Execution
CVSS 8.8
CVE-2026-6204
HIGH
LibreNMS < 26.3.0 - Authenticated Remote Code Execution via Binary Locations Config
CVSS 7.2
CVE-2026-6158
HIGH
Totolink N300RH upgrade.so setUpgradeUboot os command injection
CVSS 7.3
CVE-2026-6156
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setIpQosRules os command injection
CVSS 9.8
CVE-2026-6155
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWanCfg os command injection
CVSS 9.8
CVE-2026-6154
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWizardCfg os command injection
CVSS 9.8
CVE-2026-6141
MEDIUM
danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection
CVSS 6.3
CVE-2026-6140
CRITICAL
Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection
CVSS 9.8
CVE-2026-6139
CRITICAL
Totolink A7100RU CGI cstecgi.cgi UploadOpenVpnCert os command injection
CVSS 9.8
CVE-2026-6138
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setAccessDeviceCfg os command injection
CVSS 9.8
CVE-2026-6132
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection
CVSS 9.8
CVE-2026-6131
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setTracerouteCfg os command injection
CVSS 9.8
CVE-2026-6130
HIGH
chatboxai chatbox Model Context Protocol Server Management System ipc-stdio-transport.ts StdioClientTransport os command injection
CVSS 7.3
CVE-2026-6116
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setDiagnosisCfg os command injection
CVSS 9.8
CVE-2026-6115
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setAppCfg os command injection
CVSS 9.8
CVE-2026-6114
CRITICAL
Totolink A7100RU CGI cstecgi.cgi setNetworkCfg os command injection
CVSS 9.8
Details
Vulnerabilities: 5,948
Exploit Likelihood: High