CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,666 vulnerabilities with CWE-78
CVE-2026-7153
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection
CVSS 9.8
CVE-2026-7152
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setTelnetCfg os command injection
CVSS 9.8
CVE-2026-7140
CRITICAL
Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection
CVSS 9.8
CVE-2026-7139
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiAclRules os command injection
CVSS 9.8
CVE-2026-7138
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setNtpCfg os command injection
CVSS 9.8
CVE-2026-7137
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setStorageCfg os command injection
CVSS 9.8
CVE-2026-7136
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setDmzCfg os command injection
CVSS 9.8
CVE-2026-7125
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiEasyCfg os command injection
CVSS 9.8
CVE-2026-7124
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setIpv6LanCfg os command injection
CVSS 9.8
CVE-2026-7123
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setIptvCfg os command injection
CVSS 9.8
CVE-2026-7122
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setUPnPCfg os command injection
CVSS 9.8
CVE-2026-7121
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWizardCfg os command injection
CVSS 9.8
CVE-2026-7119
HIGH
Tenda HG3 formCountrystr os command injection
CVSS 8.8
CVE-2026-7096
HIGH
Tenda HG3 formgponConf os command injection
CVSS 8.8
CVE-2026-7066
HIGH
choieastsea simple-openstack-mcp server.py exec_openstack os command injection
CVSS 7.3
CVE-2026-33277
HIGH
Japan Computer Emergency Response Team Coordination Center (jpcert/cc) LogonTracer < prior to v2.0.0 - Command Injection
CVSS 8.8
CVE-2026-7064
HIGH
AgentDeskAI browser-tools-mcp browser-connector.ts os command injection
CVSS 7.3
CVE-2026-7062
HIGH
Intina47 context-sync Git Integration git-integration.ts os command injection
CVSS 7.3
CVE-2026-7061
HIGH
Toowiredd chatgpt-mcp-server MCP/HTTP docker.service.ts os command injection
CVSS 7.3
CVE-2026-7037
CRITICAL
Totolink A8000RU CGI cstecgi.cgi setVpnPassCfg os command injection
CVSS 9.8
CVE-2026-6992
HIGH
Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection
CVSS 7.2
CVE-2026-41421
HIGH
SiYuan Desktop Notification XSS Leads to Electron RCE
CVSS 8.8
CVE-2026-41411
MEDIUM
Vim <9.2.0357 - Command Injection
CVSS 6.6
CVE-2026-33208
HIGH
Roxy-WI Vulnerable to Authenticated Remote Code Execution via OS Command Injection in find-in-config Endpoint
CVSS 8.8
CVE-2026-6942
CRITICAL
radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass
CVSS 9.8
Details
Vulnerabilities
5,666
Exploit Likelihood
High