Skip to main content

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

280 CVEs Avg CVSS 8.0 MITRE
80
CRITICAL
139
HIGH
55
MEDIUM
4
LOW
86
POC
3
KEV

Monthly

CVE-2026-50147 HIGH PATCH This Week

Arbitrary file read in Metabase (versions from 1.57.0 up to the fixed releases) allows an attacker who already holds database-configuration privileges to exfiltrate files from the Metabase server's host filesystem by injecting unsafe JDBC parameters into a MySQL or MariaDB connection. The malicious driver options coerce the JDBC client to read local host files and surface their contents through query results or connection-validation error messages. No public exploit identified at time of analysis; the flaw affects self-hosted and embedded deployments of this open-source BI platform.

Information Disclosure Metabase
NVD GitHub
CVSS 3.1
7.6
EPSS
0.2%
CVE-2026-61459 CRITICAL POC PATCH Act Now

Argument injection in Flux159 MCP Server Kubernetes before 3.9.0 lets remote attackers redirect kubectl operations to an attacker-controlled API server by smuggling a leading-dash `--server` flag through the resourceType and name parameters of the kubectl_get, kubectl_describe, and kubectl_delete structured tools. Because the injected values bypass the assertNoDangerousFlags check, the operator's bearer token is transmitted to the external server, enabling full Kubernetes cluster compromise. Reported by VulnCheck, it carries CVSS 4.0 9.3, has publicly available exploit code, and a vendor patch in release 3.9.0; there is no confirmed active exploitation.

Authentication Bypass Kubernetes Mcp Server Kubernetes
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-47829 HIGH PATCH This Week

Argument injection in bosh-cli versions before v7.10.4 lets a compromised or malicious BOSH Director inject arbitrary OpenSSH command-line options into the ssh process that the CLI spawns locally, achieving code execution on the operator's own workstation. It triggers during non-interactive SSH paths such as bosh ssh -c, bosh logs -f, and similar flows where the CLI builds an ssh command from Director-supplied data. No public exploit is identified at time of analysis, and it is not listed in CISA KEV; the CVSS 4.0 base score is 7.7 (High).

SSH Code Injection Bosh Cli
NVD VulDB
CVSS 4.0
7.7
EPSS
0.3%
CVE-2026-57572 PyPI CRITICAL PATCH Act Now

Remote code execution in Crawl4AI's Docker API server (versions prior to 0.9.0) lets unauthenticated attackers run arbitrary commands as the container runtime user. The server passes request-supplied browser_config.extra_args directly into Chromium's launch arguments, enabling argument injection (CWE-88) of a malicious child-process launcher combined with --no-zygote. Because the Docker API is unauthenticated by default and CVSS is scored 10.0, a single crafted HTTP request achieves full container compromise; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Docker Google Crawl4ai
NVD GitHub
CVSS 3.1
10.0
EPSS
0.5%
CVE-2026-40047 CRITICAL PATCH Act Now

Argument injection and directory traversal in Apache Camel's camel-docling component (4.15.0 before 4.18.3) let attackers who can influence the CamelDoclingCustomArguments or path-bearing exchange headers inject unintended docling CLI flags and traversal-laden path values into the externally executed docling tool. Because the original DoclingProducer validation relied on a flag denylist and only rejected literal '../' sequences, crafted arguments could reach the subprocess and resolve files outside the intended directory, yielding high confidentiality and integrity impact but no OS command injection (ProcessBuilder uses the list form, so no shell interprets the values). There is no public exploit identified at time of analysis and the flaw is not in CISA KEV; EPSS is low (0.79%, 52nd percentile).

Command Injection Path Traversal Microsoft Apache Apache Camel
NVD VulDB
CVSS 3.1
9.1
EPSS
0.8%
CVE-2026-14459 HIGH PATCH This Week

Local privilege escalation via argument injection in TUBITAK BILGEM's pardus-software (the software-center application for the Turkish Pardus Linux distribution) affects all versions up to and including 1.0.4. A low-privileged local user can smuggle attacker-controlled argument delimiters into a command the application invokes with elevated privileges, yielding full compromise of the host (confidentiality, integrity, and availability all high) with no user interaction. No public exploit has been identified at time of analysis, and the issue is not on CISA KEV; it is fixed in version 1.0.5.

Code Injection Pardus Software
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-52817 PyPI HIGH PATCH GHSA This Week

Local privilege escalation in Linuxfabrik monitoring-plugins arises from the shipped Debian.sudoers file, which grants the nagios user passwordless sudo to apt-get without constraining arguments (CWE-88 argument injection). Any attacker who already controls the nagios account can run 'sudo apt-get update -o APT::Update::Pre-Invoke::=/bin/sh' to spawn a root shell. Publicly available exploit code exists (documented in the GitHub advisory PoC), but there is no public evidence of active exploitation and no CVSS score was assigned.

Privilege Escalation Debian
NVD GitHub
CVE-2026-49987 npm HIGH POC PATCH GHSA This Week

Arbitrary command execution in repomix (npm package, versions < 1.14.1) arises from argument injection in the `--remote-branch` CLI option, whose value is passed unsanitized into `git fetch` and `git checkout` subprocesses within `src/core/git/gitCommand.ts`. Because the branch value is not prefixed with a `--` positional delimiter and skips the `dangerousParams` blocklist that `validateGitUrl()` applies only to the URL, an attacker can inject options such as `--upload-pack` and, combined with an SSH or `file://` remote, execute an arbitrary payload binary with the invoking user's privileges. Publicly available exploit code exists, no active exploitation is confirmed (not in CISA KEV), and the flaw is fixed in v1.14.1.

RCE
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.7%
CVE-2026-12856 HIGH PATCH This Week

Arbitrary VS Code command execution in the Red Hat vscode-java extension allows a malicious Java source file to embed hidden commands inside JavaDoc hover Markdown, so that a developer who simply clicks a crafted link in a hover popup triggers attacker-chosen commands that can escalate to full system compromise in trusted workspaces. The flaw stems from the extension rendering JavaDoc hovers as fully-trusted Markdown, and it also affects Red Hat OpenShift Dev Spaces, which bundles the extension. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the network reach combined with only a single click of user interaction makes it high-impact.

Java RCE Red Hat Openshift Dev Spaces
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-50014 npm HIGH POC PATCH GHSA This Week

Arbitrary command execution in pnpm before 10.34.0 and 11.4.0 allows a malicious lockfile to run code on a developer's machine during `pnpm install`. Because pnpm passes the lockfile-controlled `resolution.commit` to `git fetch`/`git checkout` without a `--` separator or 40-hex-character validation, an attacker can substitute the expected commit hash with a Git option such as `--upload-pack=<command>`, which Git executes for SSH and local (file://) transports. Publicly available exploit code exists (POC), but there is no public exploit identified as actively exploited; EPSS is low (0.17%, 7th percentile), consistent with a developer-targeted supply-chain vector rather than mass internet scanning.

Information Disclosure Pnpm
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.2%
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Arbitrary file read in Metabase (versions from 1.57.0 up to the fixed releases) allows an attacker who already holds database-configuration privileges to exfiltrate files from the Metabase server's host filesystem by injecting unsafe JDBC parameters into a MySQL or MariaDB connection. The malicious driver options coerce the JDBC client to read local host files and surface their contents through query results or connection-validation error messages. No public exploit identified at time of analysis; the flaw affects self-hosted and embedded deployments of this open-source BI platform.

Information Disclosure Metabase
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

Argument injection in Flux159 MCP Server Kubernetes before 3.9.0 lets remote attackers redirect kubectl operations to an attacker-controlled API server by smuggling a leading-dash `--server` flag through the resourceType and name parameters of the kubectl_get, kubectl_describe, and kubectl_delete structured tools. Because the injected values bypass the assertNoDangerousFlags check, the operator's bearer token is transmitted to the external server, enabling full Kubernetes cluster compromise. Reported by VulnCheck, it carries CVSS 4.0 9.3, has publicly available exploit code, and a vendor patch in release 3.9.0; there is no confirmed active exploitation.

Authentication Bypass Kubernetes Mcp Server Kubernetes
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Argument injection in bosh-cli versions before v7.10.4 lets a compromised or malicious BOSH Director inject arbitrary OpenSSH command-line options into the ssh process that the CLI spawns locally, achieving code execution on the operator's own workstation. It triggers during non-interactive SSH paths such as bosh ssh -c, bosh logs -f, and similar flows where the CLI builds an ssh command from Director-supplied data. No public exploit is identified at time of analysis, and it is not listed in CISA KEV; the CVSS 4.0 base score is 7.7 (High).

SSH Code Injection Bosh Cli
NVD VulDB
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in Crawl4AI's Docker API server (versions prior to 0.9.0) lets unauthenticated attackers run arbitrary commands as the container runtime user. The server passes request-supplied browser_config.extra_args directly into Chromium's launch arguments, enabling argument injection (CWE-88) of a malicious child-process launcher combined with --no-zygote. Because the Docker API is unauthenticated by default and CVSS is scored 10.0, a single crafted HTTP request achieves full container compromise; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Docker Google +1
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Argument injection and directory traversal in Apache Camel's camel-docling component (4.15.0 before 4.18.3) let attackers who can influence the CamelDoclingCustomArguments or path-bearing exchange headers inject unintended docling CLI flags and traversal-laden path values into the externally executed docling tool. Because the original DoclingProducer validation relied on a flag denylist and only rejected literal '../' sequences, crafted arguments could reach the subprocess and resolve files outside the intended directory, yielding high confidentiality and integrity impact but no OS command injection (ProcessBuilder uses the list form, so no shell interprets the values). There is no public exploit identified at time of analysis and the flaw is not in CISA KEV; EPSS is low (0.79%, 52nd percentile).

Command Injection Path Traversal Microsoft +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation via argument injection in TUBITAK BILGEM's pardus-software (the software-center application for the Turkish Pardus Linux distribution) affects all versions up to and including 1.0.4. A low-privileged local user can smuggle attacker-controlled argument delimiters into a command the application invokes with elevated privileges, yielding full compromise of the host (confidentiality, integrity, and availability all high) with no user interaction. No public exploit has been identified at time of analysis, and the issue is not on CISA KEV; it is fixed in version 1.0.5.

Code Injection Pardus Software
NVD VulDB
HIGH PATCH This Week

Local privilege escalation in Linuxfabrik monitoring-plugins arises from the shipped Debian.sudoers file, which grants the nagios user passwordless sudo to apt-get without constraining arguments (CWE-88 argument injection). Any attacker who already controls the nagios account can run 'sudo apt-get update -o APT::Update::Pre-Invoke::=/bin/sh' to spawn a root shell. Publicly available exploit code exists (documented in the GitHub advisory PoC), but there is no public evidence of active exploitation and no CVSS score was assigned.

Privilege Escalation Debian
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Arbitrary command execution in repomix (npm package, versions < 1.14.1) arises from argument injection in the `--remote-branch` CLI option, whose value is passed unsanitized into `git fetch` and `git checkout` subprocesses within `src/core/git/gitCommand.ts`. Because the branch value is not prefixed with a `--` positional delimiter and skips the `dangerousParams` blocklist that `validateGitUrl()` applies only to the URL, an attacker can inject options such as `--upload-pack` and, combined with an SSH or `file://` remote, execute an arbitrary payload binary with the invoking user's privileges. Publicly available exploit code exists, no active exploitation is confirmed (not in CISA KEV), and the flaw is fixed in v1.14.1.

RCE
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary VS Code command execution in the Red Hat vscode-java extension allows a malicious Java source file to embed hidden commands inside JavaDoc hover Markdown, so that a developer who simply clicks a crafted link in a hover popup triggers attacker-chosen commands that can escalate to full system compromise in trusted workspaces. The flaw stems from the extension rendering JavaDoc hovers as fully-trusted Markdown, and it also affects Red Hat OpenShift Dev Spaces, which bundles the extension. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the network reach combined with only a single click of user interaction makes it high-impact.

Java RCE Red Hat Openshift Dev Spaces
NVD GitHub
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

Arbitrary command execution in pnpm before 10.34.0 and 11.4.0 allows a malicious lockfile to run code on a developer's machine during `pnpm install`. Because pnpm passes the lockfile-controlled `resolution.commit` to `git fetch`/`git checkout` without a `--` separator or 40-hex-character validation, an attacker can substitute the expected commit hash with a Git option such as `--upload-pack=<command>`, which Git executes for SSH and local (file://) transports. Publicly available exploit code exists (POC), but there is no public exploit identified as actively exploited; EPSS is low (0.17%, 7th percentile), consistent with a developer-targeted supply-chain vector rather than mass internet scanning.

Information Disclosure Pnpm
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy