CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,959 vulnerabilities with CWE-78
CVE-2026-23759 HIGH
Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps'
CVSS 7.2
CVE-2026-4253 MEDIUM
Tenda AC8 Web UploadCfg route_set_user_policy_rule os command injection
CVSS 4.7
CVE-2026-4170 CRITICAL
Topsec TopACM HTTP Request nmc_sync.php os command injection
CVSS 9.8
CVE-2026-3227 MEDIUM
Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N
CVSS 6.8
CVE-2026-31386 HIGH
OpenLiteSpeed and LSWS Enterprise - Authenticated OS Command Injection
CVSS 7.2
CVE-2026-32260 HIGH
Deno 2.7.0-2.7.1 - Command Injection
CVSS 8.1
CVE-2026-3841 HIGH
TP-Link TL-MR6400 v5.3 - Command Injection
CVSS 8.8
CVE-2026-28384 CRITICAL
Canonical LXD 4.12-6.6 - Command Injection
CVE-2026-3964 MEDIUM
OpenAkita <1.24.3 - Command Injection
CVSS 5.3
CVE-2026-3959 MEDIUM
0xKoda WireMCP - OS Command Injection in Tshark CLI Command Handler
CVSS 5.3
CVE-2026-31975 CRITICAL
Cloud CLI <1.25.0 - Command Injection
CVSS 9.8
CVE-2026-31862 CRITICAL
Cloud CLI <1.24.0 - Command Injection
CVSS 9.1
CVE-2026-31854 HIGH
Cursor < 2.0 - OS Command Injection via Indirect Prompt Injection
CVSS 8.8
CVE-2026-20040 HIGH
Cisco IOS XR - Privilege Escalation
CVSS 8.8
CVE-2026-23816 HIGH
AOS-CX Switches - Command Injection
CVSS 7.2
CVE-2026-28292 CRITICAL
simple-git 3.15.0-3.32.2 - Remote Code Execution
CVSS 9.8
CVE-2026-25836 HIGH
Fortinet FortiSandbox Cloud 5.0.4 - Command Injection
CVSS 7.2
CVE-2026-26982 MEDIUM
ghostty < 1.3.0 - OS Command Injection via Control Character Injection
CVSS 6.3
CVE-2026-25041 HIGH
Budibase <=3.23.22 - Command Injection
CVSS 7.2
CVE-2026-3696 HIGH
Totolink N300RH 6..1c.1353_B20190305 - Command Injection
CVSS 7.3
CVE-2026-30861 CRITICAL
WeKnora 0.2.5-0.2.9 - Unauthenticated Remote Code Execution via MCP stdio Configuration Validation Bypass
CVSS 9.9
CVE-2026-25070 CRITICAL
XikeStor SKS8310-8X <1.04.B07 - Command Injection
CVSS 9.8
CVE-2026-29783 HIGH
GitHub Copilot CLI <=0.0.422 - Code Injection
CVSS 7.8
CVE-2026-29058 CRITICAL
AVideo < 7.0 - Unauthenticated OS Command Injection via base64Url GET Parameter
CVSS 9.8
CVE-2026-28507 HIGH
Idno <1.6.4 - Remote Code Execution
CVSS 7.2