Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-88

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

326 vulnerabilities with CWE-88

CVE-2026-40938 HIGH

Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE

CVE-2026-6437 MEDIUM

AWS EFS CSI Driver Mount Option Injection

CVE-2026-35153 MEDIUM

Dell PowerProtect Data Domain 7.7.1.0-8.7.0.0 - Command Injection

CVE-2026-4145 HIGH

Lenovo Software Fix <7.5.5.19 - Privilege Escalation

CVE-2026-39884 HIGH

MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting

CVE-2026-35033 CRITICAL

Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection

CVE-2026-2449 CRITICAL

upKeeper Instant Privilege Access <=1.5.0 - Command Injection

CVE-2026-40113 HIGH

PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars

CVE-2026-35585 HIGH

File Browser has a Command Injection via Hook Runner

CVE-2026-34769 HIGH

Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference

CVE-2026-35538 LOW

Roundcube Webmail < 1.5.14 - CSRF

CVE-2026-0634 HIGH

Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G

CVE-2026-29954 HIGH

KubePlus 4.1.4 - SSRF

CVE-2026-23924 MEDIUM

Agent 2 Docker plugin arbitrary file read via Docker API injection

CVE-2026-2298 CRITICAL

Salesforce Marketing Cloud Engagement - Command Injection

CVE-2026-4438 MEDIUM

gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames

CVE-2026-29608 MEDIUM

OpenClaw 2026.3.1 < 2026.3.2 - Approval Integrity Bypass via system.run argv Rewriting

CVE-2026-22168 MEDIUM

OpenClaw < 2026.2.21 - Command Injection via cmd.exe /c Trailing Arguments in system.run

CVE-2026-1717 MEDIUM

Lenovo Vantage/Baiying - Privilege Escalation

CVE-2026-1716 HIGH

Lenovo Vantage/Baiying - Privilege Escalation

CVE-2026-1715 HIGH

Lenovo Vantage/Baiying - Privilege Escalation

CVE-2026-25689 MEDIUM

Fortinet FortiDeceptor - Command Injection

CVE-2026-3682 MEDIUM

welovemedia FFmate <=2.0.15 - Command Injection

CVE-2026-26194 HIGH

Gogs <0.14.2 - Command Injection

CVE-2026-20016 MEDIUM

Cisco FXOS Software - Command Injection

Page 1 of 14 Next

Details

Vulnerabilities 326

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy