CWE-78— OS Command Injection
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.— MITRE CWE catalog
5,859 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-78page 106 of 118
- CVE-2026-28517CRITICALCVSS 9.8EG 9.82026-02-27
openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec() witho…
- CVE-2026-28797HIGHCVSS 8.8EG 8.82026-04-03
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing (StringTransform) and Message com…
- CVE-2026-2952HIGHCVSS 7.3EG 7.32026-02-22
A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The atta…
- CVE-2026-29607MEDIUMCVSS 6.8EG 6.82026-03-19
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inne…
- CVE-2026-29783HIGHCVSS 7.8EG 7.82026-03-06
The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent (e.g., …
- CVE-2026-3014CRITICALCVSS 9.1EG 9.12026-07-14
Milestone has released a new version of XProtect® (and several cumulative patch updates) which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be a…
- CVE-2026-30302CRITICALCVSS 10.0EG 10.02026-03-27
The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (th…
- CVE-2026-30303CRITICALCVSS 9.8EG 9.82026-03-27
The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Uni…
- CVE-2026-30309HIGHCVSS 7.8EG 7.82026-03-31
InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows…
- CVE-2026-30311CRITICALCVSS 9.8EG 9.82026-03-31
Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command struc…
- CVE-2026-30314CRITICALCVSS 9.8EG 9.82026-03-31
Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command struc…
- CVE-2026-3040MEDIUMCVSS 4.7EG 4.72026-02-23
A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File lea…
- CVE-2026-30635HIGHCVSS 8.1EG 8.12026-05-11
Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the view_task (aka view) in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an exter…
- CVE-2026-30806HIGHCVSS 8.8EG 8.82026-04-13
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800
- CVE-2026-30809HIGHCVSS 8.8EG 8.82026-04-13
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800
- CVE-2026-30815HIGHCVSS 8.0EG 8.02026-04-08
An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient inp…
- CVE-2026-30818HIGHCVSS 8.0EG 8.02026-04-08
An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input …
- CVE-2026-3101MEDIUMCVSS 6.3EG 6.32026-02-24
A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been ma…
- CVE-2026-31019HIGHCVSS 8.8EG 8.82026-04-21
In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content…
- CVE-2026-3102MEDIUMCVSS 6.3EG 6.32026-02-24
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal caus…
- CVE-2026-31067MEDIUMCVSS 6.8EG 6.82026-04-06
A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect component of UTT Aggressive 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string.
- CVE-2026-31177CRITICALCVSS 9.8EG 9.82026-04-23
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi.
- CVE-2026-31178CRITICALCVSS 9.8EG 9.82026-04-23
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi.
- CVE-2026-31181CRITICALCVSS 9.8EG 9.82026-04-23
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi.
- CVE-2026-31195HIGHCVSS 8.8EG 8.82026-05-05
OS command injection vulnerability in the ping diagnostic handler in /bin/httpd_clientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a …
- CVE-2026-31196HIGHCVSS 8.8EG 8.82026-05-05
OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpd_clientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input i…
- CVE-2026-31226CRITICALCVSS 9.8EG 9.82026-05-12
The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerability arises from the unsafe construction…
- CVE-2026-31246MEDIUMCVSS 6.5EG 6.52026-05-11
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system prompts the user to confirm or modify a…
- CVE-2026-31386HIGHCVSS 7.2EG 7.22026-03-16
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.
- CVE-2026-31994HIGHCVSS 7.1EG 7.12026-03-19
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local at…
- CVE-2026-31995MEDIUMCVSS 5.3EG 5.32026-03-19
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When s…
- CVE-2026-31996MEDIUMCVSS 4.4EG 4.42026-03-19
OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with …
- CVE-2026-31999MEDIUMCVSS 6.3EG 6.32026-03-19
OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in wrapper resolution for .cmd/.bat files that allows attackers to influence execution behavior through cwd manipulation. …
- CVE-2026-32000HIGHCVSS 7.1EG 7.12026-03-19
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers can inject shell metacharacters in com…
- CVE-2026-32003MEDIUMCVSS 6.6EG 6.62026-03-19
OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker…
- CVE-2026-32010MEDIUMCVSS 6.3EG 6.32026-03-19
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrar…
- CVE-2026-32034HIGHCVSS 8.1EG 8.12026-03-19
OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity…
- CVE-2026-32056HIGHCVSS 7.5EG 7.52026-03-21
OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startu…
- CVE-2026-32191CRITICALCVSS 9.8EG 9.82026-03-19
Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
- CVE-2026-3227MEDIUMCVSS 6.8EG 6.82026-03-16
A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an auth…
- CVE-2026-32298CRITICALCVSS 9.1EG 9.12026-03-17
The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.
- CVE-2026-32311CRITICALCVSS 9.8EG 9.82026-04-20
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches hav…
- CVE-2026-32649MEDIUMCVSS 6.8EG 6.82026-04-28
A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.
- CVE-2026-32833HIGHCVSS 8.8EG 8.82026-06-26
Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POS…
- CVE-2026-32892CRITICALCVSS 9.1EG 9.12026-04-10
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move() function in fileManage.lib.php passes user-controlled path value…
- CVE-2026-32917CRITICALCVSS 9.8EG 9.82026-03-31
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitize…
- CVE-2026-33145MEDIUMCVSS 6.3EG 6.32026-04-17
xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell s…
- CVE-2026-33208HIGHCVSS 8.8EG 8.82026-04-24
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ < service > /find-in-config endpoint in Roxy-WI fails to sanitize the user-supplied words parameter before embedd…
- CVE-2026-33277HIGHCVSS 8.8EG 8.82026-04-27
An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user.
- CVE-2026-33412HIGHCVSS 7.3EG 7.32026-03-24
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an att…
Map vulnerabilities like CWE-78 to your infrastructure
EchelonGraph correlates every CVE — across CWE-78 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →