CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,946 vulnerabilities with CWE-78
CVE-2026-31226 CRITICAL
TinyZero thru 6652a63 - Command Injection
CVSS 9.8
CVE-2026-8051 HIGH
Ivanti Virtual Traffic Manager - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 7.2
CVE-2026-35071 HIGH
Dell PowerScale InsightIQ < 6.3.0 or later - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 8.2
CVE-2026-7256 HIGH
Zyxel WRE6505 v2 Firmware - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 8.8
CVE-2026-45393 HIGH
Cribl Edge < 4.17.1 - Improper Input Validation
CVSS 7.8
CVE-2026-45391 HIGH
Cribl Edge < 4.17.1 - Improper Input Validation
CVSS 7.8
CVE-2026-30635 HIGH
automagik-genie 2.5.27 - Command Injection
CVSS 8.1
CVE-2026-7816 HIGH
pgAdmin 4: OS command injection in Import/Export query export via psql metacommand breakout
CVSS 8.8
CVE-2026-31246 MEDIUM
GPT-Pilot thru 0819827 - Command Injection
CVSS 6.5
CVE-2026-4802 HIGH
Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui
CVSS 8.0
CVE-2026-8273 MEDIUM
D-Link DNS-320 system_mgr.cgi cgi_merge_user os command injection
CVSS 4.7
CVE-2026-8272 MEDIUM
D-Link DNS-320 webfile_mgr.cgi chown os command injection
CVSS 4.7
CVE-2026-8271 MEDIUM
D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command injection
CVSS 4.7
CVE-2026-8265 MEDIUM
Tenda AC6 httpd getLogFile get_log_file os command injection
CVSS 4.7
CVE-2026-8264 MEDIUM
Tenda AC6 httpd WifiApScan formWifiApScan os command injection
CVSS 6.3
CVE-2026-8263 MEDIUM
Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection
CVSS 4.7
CVE-2026-8259 MEDIUM
Tenda AC6 httpd telnet os command injection
CVSS 4.7
CVE-2026-8235 MEDIUM
8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection
CVSS 5.5
CVE-2026-8230 MEDIUM
Wavlink NU516U1 login.cgi sys_login1 os command injection
CVSS 6.3
CVE-2026-8229 MEDIUM
Wavlink NU516U1 wireless.cgi WifiBasic os command injection
CVSS 6.3
CVE-2026-8228 MEDIUM
Wavlink NU516U1 wireless.cgi advance os command injection
CVSS 6.3
CVE-2026-8227 MEDIUM
Wavlink NU516U1 adm.cgi wzdapMesh os command injection
CVSS 6.3
CVE-2026-8217 MEDIUM
Industrial Application Software IAS Canias ERP RMI Runtime.getRuntime.exec os command injection
CVSS 6.3
CVE-2026-8192 MEDIUM
Wavlink NU516U1 adm.cgi wzdap os command injection
CVSS 6.3
CVE-2026-8191 MEDIUM
Wavlink NU516U1 adm.cgi wifi_region os command injection
CVSS 6.3
Details
Vulnerabilities 5,946
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits