CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,666 vulnerabilities with CWE-78
CVE-2026-30806 HIGH
OS Command Injection in Network Report leads to Remote Code Execution
CVSS 8.8
CVE-2026-6204 HIGH
Librenms < 26.3.0 - Remote Code Execution
CVSS 7.2
CVE-2026-6158 HIGH
Totolink N300RH upgrade.so setUpgradeUboot os command injection
CVSS 7.3
CVE-2026-6156 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setIpQosRules os command injection
CVSS 9.8
CVE-2026-6155 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWanCfg os command injection
CVSS 9.8
CVE-2026-6154 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWizardCfg os command injection
CVSS 9.8
CVE-2026-6141 MEDIUM
danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection
CVSS 6.3
CVE-2026-6140 CRITICAL
Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection
CVSS 9.8
CVE-2026-6139 CRITICAL
Totolink A7100RU CGI cstecgi.cgi UploadOpenVpnCert os command injection
CVSS 9.8
CVE-2026-6138 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setAccessDeviceCfg os command injection
CVSS 9.8
CVE-2026-6132 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection
CVSS 9.8
CVE-2026-6131 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setTracerouteCfg os command injection
CVSS 9.8
CVE-2026-6130 HIGH
chatboxai chatbox Model Context Protocol Server Management System ipc-stdio-transport.ts StdioClientTransport os command injection
CVSS 7.3
CVE-2026-6116 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setDiagnosisCfg os command injection
CVSS 9.8
CVE-2026-6115 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setAppCfg os command injection
CVSS 9.8
CVE-2026-6114 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setNetworkCfg os command injection
CVSS 9.8
CVE-2026-6113 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setTtyServiceCfg os command injection
CVSS 9.8
CVE-2026-6112 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection
CVSS 9.8
CVE-2026-6108 MEDIUM
1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection
CVSS 6.3
CVE-2026-5059 CRITICAL
aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
CVSS 9.8
CVE-2026-5058 CRITICAL
aws-mcp-server Command Injection Remote Code Execution Vulnerability
CVSS 9.8
CVE-2026-4157 HIGH
ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability
CVSS 7.5
CVE-2026-32892 CRITICAL
OS Command Injection in Chamilo LMS 1.11.36
CVSS 9.1
CVE-2026-6029 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setVpnAccountCfg os command injection
CVSS 9.8
CVE-2026-6028 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setPptpServerCfg os command injection
CVSS 9.8
Details
Vulnerabilities 5,666
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits