CWE-15— External Control of System or Configuration Setting
One or more system settings or configuration elements can be externally controlled by a user.— MITRE CWE catalog
69 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-15page 2 of 2
- CVE-2026-1784HIGHCVSS 8.8EG 8.82026-06-02
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controll…
- CVE-2026-21422LOWCVSS 3.4EG 3.42026-03-04
Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to…
- CVE-2026-22708CRITICALCVSS 9.8EG 9.82026-01-14
Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without…
- CVE-2026-22750HIGHCVSS 7.5EG 7.52026-04-10
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer u…
- CVE-2026-27203HIGHCVSS 8.3EG 8.32026-02-21
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_us…
- CVE-2026-30816MEDIUMCVSS 5.7EG 5.72026-04-08
An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed. Successful exploitation ma…
- CVE-2026-30817MEDIUMCVSS 5.7EG 5.72026-04-08
An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may a…
- CVE-2026-33092HIGHCVSS 7.8EG 7.82026-04-10
Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.
- CVE-2026-35650HIGHCVSS 7.5EG 7.52026-04-10
OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malforme…
- CVE-2026-41176CRITICALCVSS 9.8EG 9.82026-04-23
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including …
- CVE-2026-41294HIGHCVSS 8.6EG 8.62026-04-21
OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override run…
- CVE-2026-41384HIGHCVSS 7.8EG 7.82026-04-28
OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious wor…
- CVE-2026-41489HIGHCVSS 8.8EG 8.82026-05-11
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd (pihole-FTL-prestart.sh and pihol…
- CVE-2026-43531HIGHCVSS 7.3EG 7.32026-05-05
OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub reso…
- CVE-2026-44417HIGHCVSS 7.5EG 7.52026-05-22
The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apa…
- CVE-2026-44774CRITICALCVSS 9.9EG 9.92026-05-15
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the provi…
- CVE-2026-45087CRITICALCVSS 10.0EG 10.02026-05-27
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by default and requires no API key unless the…
- CVE-2026-46399CRITICALCVSS 9.4EG 9.42026-06-05
HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Gi…
- CVE-2026-6973HIGHCVSS 7.2EG 9.0⚠ KEV2026-05-07
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
Map vulnerabilities like CWE-15 to your infrastructure
EchelonGraph correlates every CVE — across CWE-15 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →