CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,948 vulnerabilities with CWE-78
CVE-2026-5972 HIGH
FoundationAgents MetaGPT terminal.py Terminal.run_command os command injection
CVSS 7.3
CVE-2026-40088 CRITICAL
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai
CVSS 9.6
CVE-2026-5854 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiEasyCfg os command injection
CVSS 9.8
CVE-2026-5853 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setIpv6LanCfg os command injection
CVSS 9.8
CVE-2026-5852 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setIptvCfg os command injection
CVSS 9.8
CVE-2026-5851 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setUPnPCfg os command injection
CVSS 9.8
CVE-2026-5850 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setVpnPassCfg os command injection
CVSS 9.8
CVE-2026-5844 HIGH
D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection
CVSS 7.2
CVE-2026-5831 MEDIUM
Agions taskflow-ai terminal_execute handlers.ts os command injection
CVSS 6.3
CVE-2026-40032 HIGH
UAC < 3.3.0-rc1 Command Injection via Placeholder Substitution
CVSS 7.8
CVE-2026-40030 HIGH
parseusbs < 1.9 Command Injection via Volume Path Argument
CVSS 7.8
CVE-2026-40029 HIGH
parseusbs < 1.9 Command Injection via Crafted LNK Filename
CVSS 7.8
CVE-2026-5802 HIGH
idachev mcp-javadc HTTP os command injection
CVSS 7.3
CVE-2026-39862 HIGH
Tophat <2.5.1 Tophat Links - Command Injection
CVSS 8.8
CVE-2026-30818 HIGH
OS Command Injection Vulnerability in dnsmasq Module in TP-Link AX53
CVSS 8.0
CVE-2026-30815 HIGH
OS Command Injection Vulnerability in OpenVPN Module in TP-Link AX53
CVSS 8.0
CVE-2026-27806 HIGH
Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit
CVSS 7.8
CVE-2026-5208 HIGH
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coolercontrold
CVSS 8.2
CVE-2026-5741 HIGH
suvarchal docker-mcp-server HTTP index.ts pull_image os command injection
CVSS 7.3
CVE-2026-39382 CRITICAL
dbt Reusable Workflow comment-body - Command Injection
CVE-2026-4631 CRITICAL
Cockpit: cockpit: unauthenticated remote code execution due to ssh command-line argument injection
CVSS 9.8
CVE-2026-35585 HIGH
File Browser 2.0.0-2.63.1 Hook Runner - Command Injection
CVSS 7.2
CVE-2026-35581 HIGH
Emissary <8.39.0 Executrix PLACE_NAME - Command Injection
CVSS 7.2
CVE-2026-35521 HIGH
Pi-hole FTL affected by Remote Code Execution (RCE) via dhcp.hosts Newline Injection
CVSS 8.8
CVE-2026-35520 HIGH
Pi-hole FTL affected by Remote Code Execution (RCE) via dhcp.leaseTime Newline Injection
CVSS 8.8