Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-88

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

359 vulnerabilities with CWE-88

CVE-2026-47365 CRITICAL

Webpros WordPress-Toolkit < 6.11.0 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2026-47250 MEDIUM

mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

CVE-2026-46529 HIGH

PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

CVE-2026-53694 HIGH

Potential local privileges escalation through argument injection in the nxchmod.sh script

CVE-2026-52750 HIGH

Ghidra < 12.1- Command Injection via URL Annotation Click

CVE-2026-11332 HIGH

Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution

CVE-2026-41013 HIGH

CloudFoundry Foundation diego-release - Argument Injection via SMB Volume Mount Option Bypass

CVE-2026-49373 HIGH

Jetbrains TeamCity < 2026.1 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2026-48116 HIGH

AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill

CVE-2026-44712 HIGH

pam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agent

CVE-2026-44450 CRITICAL

Lumiverse: RCE via MCP stdio argument injection

CVE-2026-44449 CRITICAL

Lumiverse: SMB `exists()` basename injection via smbclient `!cmd` escape

CVE-2026-3515 HIGH

Argument Injection in prefecthq/prefect

CVE-2026-47114 HIGH

IINA < 1.4.3 Command Execution via iina://open URL Scheme

CVE-2026-8773 MEDIUM

linlinjava litemall Database Setting DbUtil.java load argument injection

CVE-2026-46483 LOW

Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag

CVE-2026-45158 CRITICAL

OPNsense: Command Injection via Attacker-Controlled DHCP Config

CVE-2026-44193 CRITICAL

OPNsense: RCE via XMLRPC endpoint using `opnsense.restore_config_section` method

CVE-2026-42266 HIGH

jupyterlab: Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request.

CVE-2026-31230 CRITICAL

Adversarial Robustness Toolbox <=1.20.1 - Command Injection

CVE-2026-25690 MEDIUM

Fortinet FortiDeceptor - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2026-43893 HIGH

exiftool-vendored: Argument injection via newline characters in tag names

CVE-2026-45181 MEDIUM

Hex-rays Ida < 9.3sp2 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2026-42601 CRITICAL

ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

CVE-2026-41570 HIGH

PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

Page 1 of 15 Next

Details

Vulnerabilities 359

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy