Opds Talon
CVE-2026-2333
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.
AnalysisAI
Command injection in Owl OPDS 2.2.0.4 — duplicate of CVE-2026-26093.
Technical ContextAI
CWE-77.
RemediationAI
Update.
More in Opds Talon
View allCommand injection in Owl OPDS 2.2.0.4. EPSS 0.29%.
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Owl OPDS 2.2.0.4 contains an uncontrolled search path vulnerability that allows local authenticated attackers to manipul
Opds Talon 2.2.0.4 contains an uncontrolled search path vulnerability that allows local authenticated attackers to manip
Opds Talon 2.2.0.4 contains an uncontrolled search path vulnerability that allows local attackers with user privileges t
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today