CWE-78— OS Command Injection
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.— MITRE CWE catalog
5,858 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-78page 103 of 118
- CVE-2026-15496MEDIUMCVSS 6.3EG 6.32026-07-12
A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Sc…
- CVE-2026-15511CRITICALCVSS 9.8EG 9.82026-07-12
A vulnerability was determined in Comfast CF-WR631AX V3 up to 2.7.0.8. Affected by this vulnerability is the function system_wl_upload_pic_file of the file /usr/bin/webmgnt of the component FastCGI Backend. This manipulation of the argumen…
- CVE-2026-15513MEDIUMCVSS 6.3EG 6.32026-07-12
A security flaw has been discovered in Wavlink WL-NU516U1 260515. This affects the function wlink_uci_set_value of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument lan_ip results in os command injection. The attack can …
- CVE-2026-15546MEDIUMCVSS 6.3EG 6.32026-07-13
A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub_2D568 of the component start_jffs2. Performing a manipulation of the argument jffs2_exec results in os command injection. Remo…
- CVE-2026-15547MEDIUMCVSS 6.3EG 6.32026-07-13
A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub_2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can…
- CVE-2026-15669MEDIUMCVSS 5.3EG 5.32026-07-14
A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack r…
- CVE-2026-15895HIGHCVSS 7.8EG 7.82026-07-15
OS command injection in the npm package loading component in AWS jsii-diff before 1.131.0 might allow context-dependent attackers to execute arbitrary commands via crafted package specifiers passed to the npm: source argument. To mitiga…
- CVE-2026-1665MEDIUMCVSS 5.4EG 5.42026-01-29
A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget co…
- CVE-2026-1723CRITICALCVSS 9.2EG 9.22026-01-30
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826.
- CVE-2026-1731CRITICALCVSS 9.8EG 9.8⚠ KEV2026-02-06
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attack…
- CVE-2026-1961HIGHCVSS 8.0EG 8.02026-03-26
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resourc…
- CVE-2026-20008MEDIUMCVSS 6.0EG 6.02026-03-04
A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cra…
- CVE-2026-20036MEDIUMCVSS 6.5EG 6.52026-02-25
A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system…
- CVE-2026-20040HIGHCVSS 8.8EG 8.82026-03-11
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient v…
- CVE-2026-20099MEDIUMCVSS 6.7EG 6.72026-02-25
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection attacks on an affecte…
- CVE-2026-20206MEDIUMCVSS 6.3EG 6.32026-05-20
A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. C…
- CVE-2026-20266CRITICALCVSS 9.1EG 9.12026-06-17
In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell executi…
- CVE-2026-2035MEDIUMCVSS 6.8EG 6.82026-02-20
Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is …
- CVE-2026-2061MEDIUMCVSS 4.7EG 4.72026-02-06
A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remote…
- CVE-2026-2063MEDIUMCVSS 4.7EG 4.72026-02-06
A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os co…
- CVE-2026-20759HIGHCVSS 8.8EG 8.82026-01-16
OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low("monitoring user") or higher privilege to execute an arbitrary OS command.
- CVE-2026-2081MEDIUMCVSS 4.7EG 4.72026-02-07
A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command injection. The attack is possible to be…
- CVE-2026-2082MEDIUMCVSS 4.7EG 4.72026-02-07
A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from …
- CVE-2026-2084HIGHCVSS 7.2EG 7.22026-02-07
A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch …
- CVE-2026-20910HIGHCVSS 8.8EG 8.02026-02-27
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware upd…
- CVE-2026-2120HIGHCVSS 7.2EG 7.22026-02-08
A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/s…
- CVE-2026-21267HIGHCVSS 8.6EG 8.62026-01-13
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitat…
- CVE-2026-2129HIGHCVSS 7.2EG 7.22026-02-08
A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime results in os command …
- CVE-2026-2131MEDIUMCVSS 6.3EG 6.32026-02-08
A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possibl…
- CVE-2026-21418HIGHCVSS 7.8EG 7.82026-01-30
Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vuln…
- CVE-2026-2142HIGHCVSS 7.2EG 7.22026-02-08
A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The e…
- CVE-2026-2143HIGHCVSS 7.2EG 7.22026-02-08
A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserN…
- CVE-2026-2151HIGHCVSS 7.2EG 7.22026-02-08
A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr leads to os command injection. The attack ca…
- CVE-2026-2152HIGHCVSS 7.2EG 7.22026-02-08
A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in…
- CVE-2026-2155HIGHCVSS 7.2EG 7.22026-02-08
A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results…
- CVE-2026-2157HIGHCVSS 7.2EG 7.22026-02-08
A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os co…
- CVE-2026-21571CRITICALCVSS 9.4EG 9.42026-04-21
This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS…
- CVE-2026-2167MEDIUMCVSS 6.3EG 6.32026-02-08
A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack ma…
- CVE-2026-21719HIGHCVSS 7.2EG 7.22026-04-17
An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.
- CVE-2026-2175HIGHCVSS 7.2EG 7.22026-02-08
A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of th…
- CVE-2026-21837HIGHCVSS 8.8EG 8.82026-06-05
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable applicati…
- CVE-2026-2184HIGHCVSS 7.3EG 7.32026-02-08
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument phot…
- CVE-2026-2188HIGHCVSS 7.2EG 7.22026-02-08
A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It …
- CVE-2026-21893HIGHCVSS 7.2EG 7.22026-02-04
n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users wit…
- CVE-2026-21915MEDIUMCVSS 6.7EG 6.72026-04-09
A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accept…
- CVE-2026-22035HIGHCVSS 7.7EG 7.72026-01-08
Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Fo…
- CVE-2026-2210HIGHCVSS 7.2EG 7.22026-02-09
A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been di…
- CVE-2026-22100HIGHCVSS 8.6EG 8.62026-07-13
The OCPP DataTransfer message `ReserveLogin` is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root.
- CVE-2026-22169MEDIUMCVSS 6.7EG 6.72026-03-18
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.…
- CVE-2026-22176MEDIUMCVSS 6.1EG 6.12026-03-19
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell meta…
Map vulnerabilities like CWE-78 to your infrastructure
EchelonGraph correlates every CVE — across CWE-78 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →