CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,964 vulnerabilities with CWE-78
CVE-2026-27613 CRITICAL
TinyWeb < 2.01 - Unauthenticated Argument Injection via CGI Parameter Bypass
CVSS 9.8
CVE-2026-27849 CRITICAL
MR9600 1.0.4.205530/MX4200 1.0.13.210200 - Command Injection
CVSS 9.8
CVE-2026-27728 CRITICAL
OneUptime <10.0.7 - Command Injection
CVSS 9.9
CVE-2026-20099 MEDIUM
Cisco FXOS/UCS Manager - Command Injection
CVSS 6.7
CVE-2026-20036 MEDIUM
Cisco UCS Manager - Command Injection
CVSS 6.5
CVE-2026-27848 CRITICAL
MR9600 1.0.4.205530 / MX4200 1.0.13.210200 - Command Injection
CVSS 9.8
CVE-2026-27626 CRITICAL
OliveTin <=3000.10.0 - Command Injection
CVSS 9.9
CVE-2026-22553 CRITICAL
InSAT MasterSCADA BUK-TS - Command Injection
CVSS 9.8
CVE-2026-23678 HIGH
Binardat 10G08-0800GSM V300SP10260209 - Command Injection
CVSS 8.8
CVE-2026-3102 MEDIUM
exiftool <=13.49 - Command Injection
CVSS 6.3
CVE-2026-3101 MEDIUM
Intelbras TIP 635G 1.12.3.5 - Command Injection
CVSS 6.3
CVE-2026-27208 CRITICAL
bleon-ethical/api-gateway-deploy 1.0.0 - Command Injection
CVSS 9.2
CVE-2026-26331 HIGH
yt-dlp 2023.06.21-2026.02.21 - Command Injection
CVSS 8.8
CVE-2026-1459 HIGH
Zyxel VMG3625-T50B <5.50(ABPM.9.7)C0 - Command Injection
CVSS 7.2
CVE-2026-3040 MEDIUM
DrayTek Vigor 300B <=1.5.1.6 - Command Injection
CVSS 4.7
CVE-2026-2952 HIGH
Vaelsys 4.1.0 - OS Command Injection via xajaxargs Parameter
CVSS 7.3
CVE-2026-2944 HIGH
Tosei Online Store Management System 1.01 - Command Injection
CVSS 7.3
CVE-2026-27487 HIGH
OpenClaw <2026.2.13 - Command Injection
CVSS 7.6
CVE-2026-26046 HIGH
Moodle TeX Filter - Command Injection
CVSS 7.2
CVE-2026-2043 HIGH
Nagios Host - Command Injection RCE
CVSS 8.8
CVE-2026-2042 HIGH
Nagios Host - Command Injection RCE
CVSS 8.8
CVE-2026-2041 HIGH
Nagios Host - Command Injection RCE
CVSS 8.8
CVE-2026-2035 MEDIUM
Deciso OPNsense - Command Injection RCE
CVSS 6.8
CVE-2026-27113 MEDIUM
Liquid Prompt cf34412-a4f6b8d - Command Injection
CVSS 6.3
CVE-2026-27190 HIGH
Deno < 2.6.8 - OS Command Injection via node:child_process
CVSS 8.1
Details
Vulnerabilities 5,964
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits