CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,948 vulnerabilities with CWE-78
CVE-2026-6113 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setTtyServiceCfg os command injection
CVSS 9.8
CVE-2026-6112 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection
CVSS 9.8
CVE-2026-6108 MEDIUM
1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection
CVSS 6.3
CVE-2026-5059 CRITICAL
aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
CVSS 9.8
CVE-2026-5058 CRITICAL
aws-mcp-server Command Injection Remote Code Execution Vulnerability
CVSS 9.8
CVE-2026-4157 HIGH
ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability
CVSS 7.5
CVE-2026-32892 CRITICAL
OS Command Injection in Chamilo LMS 1.11.36
CVSS 9.1
CVE-2026-6029 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setVpnAccountCfg os command injection
CVSS 9.8
CVE-2026-6028 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setPptpServerCfg os command injection
CVSS 9.8
CVE-2026-6027 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setUrlFilterRules os command injection
CVSS 9.8
CVE-2026-6026 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setPortalConfWeChat os command injection
CVSS 9.8
CVE-2026-6025 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setSyslogCfg os command injection
CVSS 9.8
CVE-2026-5997 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setLoginPasswordCfg os command injection
CVSS 9.8
CVE-2026-5996 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setAdvancedInfoShow os command injection
CVSS 9.8
CVE-2026-5995 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection
CVSS 9.8
CVE-2026-5994 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setTelnetCfg os command injection
CVSS 9.8
CVE-2026-5993 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiGuestCfg os command injection
CVSS 9.8
CVE-2026-40111 HIGH
PraisonAIAgents <1.5.128 Memory Hooks Executor - OS Command Injection
CVSS 8.8
CVE-2026-33791 MEDIUM
Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as root
CVSS 6.7
CVE-2026-5978 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiAclRules os command injection
CVSS 9.8
CVE-2026-5977 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiBasicCfg os command injection
CVSS 9.8
CVE-2026-5976 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setStorageCfg os command injection
CVSS 9.8
CVE-2026-5975 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setDmzCfg os command injection
CVSS 9.8
CVE-2026-5974 HIGH
FoundationAgents MetaGPT terminal.py Bash.run os command injection
CVSS 7.3
CVE-2026-5973 HIGH
FoundationAgents MetaGPT common.py get_mime_type os command injection
CVSS 7.3
Details
Vulnerabilities 5,948
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits