CVE-2026-2333

CRITICAL

Owl opds 2.2.0.4 - Command Injection

Title source: llm

Description

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.

References (1)

[Various Sources] https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-2333

Scores

CVSS v3 9.8

EPSS 0.0029

EPSS Percentile 51.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-77

Status published

Affected Products (1)

owlcyberdefense/opds-talon

Timeline

Published Feb 20, 2026

Tracked Since Feb 21, 2026