CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,667 vulnerabilities with CWE-78
CVE-2026-34935 (CRITICAL, CVSS 9.8) - PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()
CVE-2026-28797 (HIGH, CVSS 8.8) - RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component
CVE-2026-5485 (HIGH, CVSS 7.8) - OS command injection in Amazon Athena ODBC driver on Linux
CVE-2026-35216 (CRITICAL, CVSS 9.0) - Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step
CVE-2026-25044 (HIGH, CVSS 8.8) - Budibase: Command Injection in Bash Automation Step
CVE-2026-5355 (MEDIUM, CVSS 6.3) - Trendnet TEW-657BRM setup.cgi vpn_drop os command injection
CVE-2026-5354 (MEDIUM, CVSS 6.3) - Trendnet TEW-657BRM setup.cgi vpn_connect os command injection
CVE-2026-5353 (MEDIUM, CVSS 6.3) - Trendnet TEW-657BRM setup.cgi ping_test os command injection
CVE-2026-5352 (MEDIUM, CVSS 6.3) - Trendnet TEW-657BRM setup.cgi edit os command injection
CVE-2026-5351 (MEDIUM, CVSS 6.3) - Trendnet TEW-657BRM setup.cgi add_wps_client os command injection
CVE-2026-34797 (HIGH, CVSS 8.8) - Endian Firewall /cgi-bin/logs_smtp.cgi DATE Perl Command Injection
CVE-2026-34796 (HIGH, CVSS 8.8) - Endian Firewall /cgi-bin/logs_openvpn.cgi DATE Perl Command Injection
CVE-2026-34795 (HIGH, CVSS 8.8) - Endian Firewall /cgi-bin/logs_log.cgi DATE Perl Command Injection
CVE-2026-34794 (HIGH, CVSS 8.8) - Endian Firewall /cgi-bin/logs_ids.cgi DATE Perl Command Injection
CVE-2026-34793 (HIGH, CVSS 8.8) - Endian Firewall /cgi-bin/logs_firewall.cgi DATE Perl Command Injection
CVE-2026-34792 (HIGH, CVSS 8.8) - Endian Firewall /cgi-bin/logs_clamav.cgi DATE Perl Command Injection
CVE-2026-34791 (HIGH, CVSS 8.8) - Endian Firewall /cgi-bin/logs_proxy.cgi DATE Perl Command Injection
CVE-2026-33641 (HIGH, CVSS 7.8) - Glances Vulnerable to Command Injection via Dynamic Configuration Values
CVE-2026-3692 (HIGH, CVSS 8.8) - Unintended command execution during report generation in Progress Flowmon
CVE-2026-2701 (CRITICAL, CVSS 9.1) - RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC)
CVE-2026-33613 (HIGH, CVSS 7.2) - MB connect line mbCONNECT24 vulnerable to RCE in generateSrpArray
CVE-2026-1345 (HIGH, CVSS 7.3) - Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
CVE-2026-24154 (HIGH, CVSS 7.6) - Nvidia Jetson Xavier Series, Jetson Orin Series And Jetson Thor - Denial of Service
CVE-2026-34243 (CRITICAL, CVSS 9.8) - wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`
CVE-2026-30314 (CRITICAL, CVSS 9.8) - Ridvay Auto-approval Module < 0.1.1 - Remote Code Execution