CWE-78— OS Command Injection
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.— MITRE CWE catalog
5,863 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-78page 113 of 118
- CVE-2026-55249HIGHCVSS 8.8EG 8.82026-06-23
@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync(…
- CVE-2026-5528MEDIUMCVSS 6.3EG 6.32026-04-05
A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack…
- CVE-2026-5532MEDIUMCVSS 6.3EG 6.32026-04-05
A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sandbox_and_execute of the file scrapegraphai/nodes/generate_code_node.py of the component GenerateCodeNode Component. The …
- CVE-2026-55410MEDIUMCVSS 6.7EG 6.72026-07-15
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.1.19, NocoBase @nocobase/plugin-backups restored PostgreSQL backups by interpolating the database.schema value from…
- CVE-2026-55420HIGHCVSS 8.1EG 8.12026-07-09
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched…
- CVE-2026-55427HIGHCVSS 8.3EG 8.32026-07-06
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `coder config-ssh` wrote server-supplied SSH settings (`HostnameSuffix`, `SSHConfigOptions`) into …
- CVE-2026-55441HIGHCVSS 8.6EG 8.62026-06-23
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versions) through trust_check, but task-include files are loaded on a path that never reaches it. …
- CVE-2026-55448MEDIUMCVSS 6.3EG 6.32026-06-23
mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, then executes that value with sh -c when resolving a G…
- CVE-2026-5547MEDIUMCVSS 6.3EG 6.32026-04-05
A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Mult…
- CVE-2026-55576HIGHCVSS 8.8EG 8.82026-07-15
MaaAssistantArknights is a one-click tool for daily Arknights tasks. In the current dev-v2 workflow, .github/workflows/release-preparation.yml inlined attacker-controlled github.event.pull_request.title into a run: shell command during the…
- CVE-2026-55607HIGHCVSS 8.8EG 8.82026-06-29
Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks…
- CVE-2026-55697HIGHCVSS 8.8EG 8.82026-06-25
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependen…
- CVE-2026-55743CRITICALCVSS 9.6EG 9.62026-06-17
The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 (default Supervised security policy) can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in sr…
- CVE-2026-55748MEDIUMCVSS 6.0EG 6.02026-06-17
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types o…
- CVE-2026-55798MEDIUMCVSS 4.5EG 4.52026-07-06
Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen(..., shell=T…
- CVE-2026-55849HIGHCVSS 8.5EG 8.52026-06-19
@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npm_execpath is unset or empty…
- CVE-2026-55895HIGHCVSS 7.8EG 7.82026-06-25
Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file fro…
- CVE-2026-55975HIGHCVSS 7.2EG 7.22026-06-26
A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command withou…
- CVE-2026-56004CRITICALCVSS 10.0EG 8.82026-07-02
A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service or the local user checking out the mali…
- CVE-2026-5602MEDIUMCVSS 5.3EG 5.32026-04-05
A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud. This manipulati…
- CVE-2026-5603MEDIUMCVSS 5.3EG 5.32026-04-05
A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached …
- CVE-2026-56137HIGHCVSS 7.8EG 7.82026-06-30
RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, arbitrary OS command may be executed.
- CVE-2026-5619MEDIUMCVSS 5.3EG 5.32026-04-06
A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipulation of the argument command can lead …
- CVE-2026-5621MEDIUMCVSS 5.3EG 5.32026-04-06
A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument config_path results in…
- CVE-2026-56274CRITICALCVSS 9.9EG 9.92026-06-23
Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account…
- CVE-2026-56379MEDIUMCVSS 5.5EG 5.52026-06-23
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Gra…
- CVE-2026-56413CRITICALCVSS 10.0EG 10.02026-07-01
Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote att…
- CVE-2026-56415CRITICALCVSS 10.0EG 10.02026-07-01
Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload t…
- CVE-2026-5663HIGHCVSS 7.3EG 7.32026-04-06
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command…
- CVE-2026-56688CRITICALCVSS 9.1EG 9.12026-07-10
Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially explo…
- CVE-2026-56700CRITICALCVSS 9.8EG 9.82026-07-01
Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowe…
- CVE-2026-5677HIGHCVSS 7.3EG 7.32026-04-06
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument resetFlags results in os command injection. The a…
- CVE-2026-5678HIGHCVSS 7.3EG 7.32026-04-06
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. …
- CVE-2026-5679MEDIUMCVSS 5.5EG 5.52026-04-06
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command inject…
- CVE-2026-56808HIGHCVSS 7.2EG 7.22026-06-30
DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected…
- CVE-2026-5688HIGHCVSS 7.3EG 7.32026-04-06
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack…
- CVE-2026-5689HIGHCVSS 7.3EG 7.32026-04-06
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote ex…
- CVE-2026-5690HIGHCVSS 7.3EG 7.32026-04-06
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attac…
- CVE-2026-5691HIGHCVSS 7.3EG 7.32026-04-06
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. The attack is…
- CVE-2026-5692HIGHCVSS 7.3EG 7.32026-04-07
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be perf…
- CVE-2026-5707HIGHCVSS 8.8EG 8.82026-04-06
Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as roo…
- CVE-2026-5709HIGHCVSS 8.8EG 8.82026-04-06
Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted…
- CVE-2026-57282MEDIUMCVSS 5.0EG 5.02026-06-24
Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execu…
- CVE-2026-5741HIGHCVSS 7.3EG 7.32026-04-07
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes o…
- CVE-2026-57999HIGHCVSS 8.8EG 8.82026-06-29
luci-app-tailscale-community contains a command injection vulnerability in the tailscale.do_login RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserve…
- CVE-2026-58000HIGHCVSS 8.8EG 8.82026-06-29
luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the cl_meta parameter is interpolated into a shell command without proper escaping or quoting. An a…
- CVE-2026-5802HIGHCVSS 7.3EG 7.32026-04-08
A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command injection. It is possible to launch the at…
- CVE-2026-5831MEDIUMCVSS 6.3EG 6.32026-04-09
A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipulation results in os command injection. Th…
- CVE-2026-5844HIGHCVSS 7.2EG 7.22026-04-09
A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The a…
- CVE-2026-58452HIGHCVSS 8.8EG 8.82026-07-01
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP…
Map vulnerabilities like CWE-78 to your infrastructure
EchelonGraph correlates every CVE — across CWE-78 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →