CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,958 vulnerabilities with CWE-78
CVE-2026-34797 HIGH
Endian Firewall /cgi-bin/logs_smtp.cgi DATE Perl Command Injection
CVSS 8.8
CVE-2026-34796 HIGH
Endian Firewall /cgi-bin/logs_openvpn.cgi DATE Perl Command Injection
CVSS 8.8
CVE-2026-34795 HIGH
Endian Firewall /cgi-bin/logs_log.cgi DATE Perl Command Injection
CVSS 8.8
CVE-2026-34794 HIGH
Endian Firewall /cgi-bin/logs_ids.cgi DATE Perl Command Injection
CVSS 8.8
CVE-2026-34793 HIGH
Endian Firewall /cgi-bin/logs_firewall.cgi DATE Perl Command Injection
CVSS 8.8
CVE-2026-34792 HIGH
Endian Firewall /cgi-bin/logs_clamav.cgi DATE Perl Command Injection
CVSS 8.8
CVE-2026-34791 HIGH
Endian Firewall /cgi-bin/logs_proxy.cgi DATE Perl Command Injection
CVSS 8.8
CVE-2026-33641 HIGH
Glances Vulnerable to Command Injection via Dynamic Configuration Values
CVSS 7.8
CVE-2026-3692 HIGH
Unintended command execution during report generation in Progress Flowmon
CVSS 8.8
CVE-2026-2701 CRITICAL
RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC)
CVSS 9.1
CVE-2026-33613 HIGH
MB connect line mbCONNECT24 vulnerable to RCE in generateSrpArray
CVSS 7.2
CVE-2026-1345 HIGH
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
CVSS 7.3
CVE-2026-24154 HIGH
Nvidia Jetson Xavier Series, Jetson Orin Series And Jetson Thor - Denial of Service
CVSS 7.6
CVE-2026-34243 CRITICAL
wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`
CVSS 9.8
CVE-2026-30314 CRITICAL
Ridvay auto-approval_module < 0.1.1 - OS Command Injection via Shell Command Substitution Bypass
CVSS 9.8
CVE-2026-30312 CRITICAL
DSAI-Cline - OS Command Injection via Newline Whitelist Bypass
CVSS 9.8
CVE-2026-30311 CRITICAL
Ridvay auto-approval_module < 0.1.1 - Remote Code Execution via Shell Command Substitution Bypass
CVSS 9.8
CVE-2026-30309 HIGH
InfCode - Arbitrary Command Execution via PowerShell Blacklist Bypass
CVSS 7.8
CVE-2026-0596 HIGH
Command Injection in mlflow/mlflow
CVSS 7.8
CVE-2026-32917 CRITICAL
OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP
CVSS 9.8
CVE-2026-30880 CRITICAL
baserCMS: OS command injection vulnerability in installer
CVSS 9.8
CVE-2026-30877 CRITICAL
baserCMS: OS Command Injection in the baserCMS Update Functionality
CVSS 9.1
CVE-2026-21861 CRITICAL
baserCMS <5.2.3 Core Update - Admin OS Command Injection
CVSS 9.1
CVE-2026-34714 CRITICAL
Vim < 9.2.0272 - Remote Code Execution via %{expr} Injection in Tabpanel
CVSS 9.2
CVE-2026-5125 MEDIUM
raine consult-llm-mcp server.ts child_process.execSync os command injection
CVSS 5.3