Opds Talon
CVE-2026-26093
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.
AnalysisAI
Command injection in Owl OPDS 2.2.0.4. EPSS 0.29%.
Technical ContextAI
CWE-77 command injection.
RemediationAI
Update Owl OPDS.
More in Opds Talon
View allCommand injection in Owl OPDS 2.2.0.4 — duplicate of CVE-2026-26093.
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Owl OPDS 2.2.0.4 contains an uncontrolled search path vulnerability that allows local authenticated attackers to manipul
Opds Talon 2.2.0.4 contains an uncontrolled search path vulnerability that allows local authenticated attackers to manip
Opds Talon 2.2.0.4 contains an uncontrolled search path vulnerability that allows local attackers with user privileges t
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today