Skip to main content

Command Injection

7742 CVEs technique

Monthly

CVE-2026-55578 HIGH GHSA This Week

OS command injection in Pheditor 2.0.1 through 2.0.5 lets an authenticated user with the default-enabled `terminal` permission bypass the TERMINAL_COMMANDS allowlist and run arbitrary shell commands as the web server user. The flaw is an incomplete fix for GHSA-9643-6xjp-vx57: the sanitization blocklist added `$` but still misses the single pipe `|`, backtick, and newline (0x0A), each of which starts with a whitelisted prefix and slips past both filters. A fully working exploit is published in the GHSA advisory, and because Pheditor ships with the default password `admin`, the required authentication is frequently trivial to obtain, effectively lowering the barrier to unauthenticated RCE.

Command Injection PHP
NVD GitHub
CVSS 3.1
8.8
CVE-2026-54540 HIGH GHSA This Week

Authenticated command-injection in Pheditor 2.0.4 lets any user holding the 'terminal' permission bypass the TERMINAL_COMMANDS allowlist and run arbitrary OS commands as the web server user. The terminal handler only blocks '&', ';', and '||' and validates commands with a prefix check before handing the full string to shell_exec(), so shell substitution like ls$(...) satisfies the allowlist while executing attacker-controlled code. A working PoC is published in the GitHub advisory, though there is no public exploit identified as a standalone weaponized tool and no active exploitation reported.

Command Injection Docker PHP
NVD GitHub
CVSS 3.1
8.8
CVE-2026-14371 HIGH This Week

PowerShell command injection in Lenovo XClarity Integrator for Microsoft Windows Admin Center (versions 5.1.1 and below) running on the WAC Gateway allows an authenticated low-privileged attacker to inject arbitrary PowerShell commands when the plugin establishes remote PowerShell sessions. Successful exploitation yields high-impact code execution that extends beyond the plugin into subsequent systems (managed hosts), with full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Lenovo Microsoft Command Injection Xclarity Integrator For Microsoft Windows Admin Center
NVD VulDB
CVSS 4.0
8.8
CVE-2026-59865 CRITICAL PATCH Act Now

Command injection in Microsoft Kiota before 1.32.5 lets a malicious or compromised OpenAPI description dictate the install command that Kiota presents to developers. When a developer runs `kiota info` (or the VS Code extension's `kiota info --json` dependency-install flow) against an attacker-controlled spec, Kiota reads the `x-ms-kiota-info.languagesInformation.<language>.dependencyInstallCommand` field plus attacker-chosen dependency name/version values and surfaces them as its trusted recommended install command, achieving arbitrary command execution when that command is run. No public exploit has been identified at time of analysis and it is not in CISA KEV, but the fix explicitly removes the untrusted extension field.

Command Injection RCE Code Injection Kiota
NVD GitHub
CVSS 4.0
9.3
CVE-2026-63305 CRITICAL Act Now

OS command injection in WWBN AVideo through version 29.0 allows attackers to execute arbitrary operating-system commands as the web-server user via the ffmpeg.json.php endpoint. The notifyCode and callback request parameters are concatenated into a shell command without escaping, so an attacker able to produce a valid encrypted payload can inject shell metacharacters and achieve remote code execution. No public exploit identified at time of analysis; the flaw carries a CVSS 4.0 base score of 9.2, though successful exploitation is gated by the requirement to forge a valid encrypted payload.

PHP Command Injection Avideo
NVD GitHub
CVSS 4.0
9.2
CVE-2026-63304 CRITICAL Act Now

OS command injection in AVideo (WWBN) through version 29.0 lets remote attackers who can forge a valid encrypted codeToExec payload run arbitrary shell commands as the web-server user via the listFFmpegProcesses() function in the standAlone plugin API. The flaw is unauthenticated (PR:N) but non-trivial to reach because it depends on producing an accepted encrypted parameter, and no public exploit or CISA KEV listing is identified at time of analysis.

PHP Command Injection Avideo
NVD GitHub VulDB
CVSS 4.0
9.2
CVE-2026-50289 npm HIGH POC PATCH GHSA This Week

OS command injection in the Node.js `systeminformation` library (npm, versions <= 5.31.6) lets a local actor run arbitrary commands with the privileges of any process that calls `networkInterfaces()` on Linux. While collecting DHCP state, `checkLinuxDCHPInterfaces()` reads Debian/Ubuntu `interfaces(5)` files and interpolates each `source <path>` token - read from file content - unquoted into a `cat ... | grep` string executed via `execSync()`/`/bin/sh`. Publicly available exploit code exists (a verbatim-sink PoC in the advisory); there is no CISA KEV listing and no CVSS score was assigned by the source, but a vendor patch (5.31.7) is available.

Debian Node.js Apple Microsoft Ubuntu +1
NVD GitHub
CVE-2026-52891 CRITICAL Act Now

OS command injection in Wekan (the open-source Meteor-based kanban board) before version 9.07 lets an authenticated user execute arbitrary commands on the server by uploading an avatar with shell metacharacters in its filename. The user-supplied filename is embedded into a shell string passed to child_process.exec() for MIME-type detection in models/avatars.js and models/fileValidation.js, so backticks or $() in the name run as server-side commands. No public exploit is identified at time of analysis, but the vendor commit and advisory confirm the flaw; it is fixed in v9.07.

Command Injection Wekan
NVD GitHub
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-55576 HIGH This Week

GitHub Actions expression injection in MaaAssistantArknights' dev-v2 CI (release-preparation.yml) lets an external attacker execute arbitrary shell commands on the ubuntu-latest runner by opening a non-draft fork pull request whose title begins with 'Release v'. The attacker-controlled pull_request.title was inlined directly into a run: block during opened, reopened, and ready_for_review events, so a crafted title breaks out of the sed command in the generate-changelog job. No public exploit has been identified at time of analysis and it is not in CISA KEV, but the class is trivially weaponizable and the fix commit (cafc3946) is public. EPSS was not provided.

Ubuntu Command Injection Maaassistantarknights
NVD GitHub
CVSS 4.0
8.8
EPSS
0.3%
CVE-2026-62312 HIGH PATCH This Week

Authenticated remote code execution in 9Router before 0.5.2 lets a logged-in attacker run arbitrary OS commands on the host by chaining a Host-header spoof (to reach routes that are supposed to be localhost-only) with unsanitized MCP plugin arguments that flow into child_process.spawn() via the /api/mcp//sse endpoint. Rated CVSS 8.8 (CWE-78, OS command injection), it is fixed in 0.5.2; no public exploit or CISA KEV listing exists at time of analysis, though a vendor advisory and fix commit are published.

RCE Command Injection 9Router
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2026-55410 MEDIUM PATCH This Month

Command injection in NocoBase's @nocobase/plugin-backups prior to v2.1.19 allows an authenticated backup-management user to execute arbitrary OS commands as the NocoBase server process by restoring a crafted backup archive. The database.schema field from a backup's _metadata.json is interpolated directly into a shell command string passed to Node.js child_process.exec(), a classic CWE-78 pattern that bypasses any sanitization at the shell level. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis, but the commit diff confirms the mechanism is straightforward and the fix is available in v2.1.19.

Node.js Command Injection PostgreSQL Nocobase
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2026-15895 HIGH PATCH This Week

OS command injection in AWS jsii-diff before 1.131.0 lets a context-dependent attacker execute arbitrary shell commands when a victim runs the tool against an attacker-controlled 'npm:' source specifier. The npm package-loading component fails to sanitize the package specifier before passing it to a shell, so a crafted specifier is interpreted as a command. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; a vendor-released patch (v1.131.0) is available.

Node.js Command Injection
NVD GitHub
CVSS 4.0
8.4
EPSS
1.2%
CVE-2026-54449 PyPI HIGH POC GHSA This Week

Authenticated remote code execution in LangBot (pip package 'langbot', versions <= 4.10.5) allows any logged-in user to run arbitrary OS commands on the host by registering a malicious 'STDIO' MCP server through the Extensions > MCP configuration UI. Because LangBot passes the user-supplied command straight to the MCP SDK's StdioServerParameters, which spawns it as a subprocess, an attacker who signs up or uses stolen credentials gains full host takeover. A step-by-step and video proof-of-concept is public (publicly available exploit code exists), though there is no confirmed active exploitation.

RCE Command Injection
NVD GitHub
CVSS 3.1
8.8
CVE-2026-46709 HIGH PATCH This Week

Command injection in Tabby (formerly Terminus) terminal emulator before 1.0.234 lets an attacker achieve code execution by tricking a victim into dragging and dropping a crafted file whose path contains shell command-substitution metacharacters ($(...) or backticks). Because the drop handler in tabby-electron/src/pathDrop.ts inserted the raw path into the active shell without neutralizing these characters, the payload runs when the victim presses Enter. This is an incomplete-fix follow-up to CVE-2026-45038, which only addressed control characters; no public exploit is identified at time of analysis and it is not listed in CISA KEV.

RCE Command Injection Tabby
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-61438 HIGH PATCH This Week

OS command execution in PraisonAI before 4.6.78 lets an attacker who can supply a workflow definition escape the inline-Python sandbox and run arbitrary shell commands with the privileges of the agent process. The flaw lives in JobWorkflowExecutor._exec_inline_python(), whose AST-based validation fails to reject `import os` followed by `os.system()`, turning a malicious YAML workflow file into RCE. No public exploit code or CISA KEV listing is identified at time of analysis, though the bypass technique is described in detail in the vendor advisory.

RCE Command Injection Praisonai
NVD GitHub
CVSS 4.0
7.0
EPSS
0.2%
CVE-2025-65720 CRITICAL Act Now

Remote command execution in Open Source GPT Researcher v3.3.7 lets attackers run arbitrary OS commands on a victim's machine when the user interacts with a crafted HTML page, exploiting a command injection (CWE-77) weakness. The flaw was reported by MITRE and detailed in ox.security research covering RCE across the AI/MCP ecosystem; no public exploit is identified in CISA KEV, and EPSS probability is low (0.21%). Because GPT Researcher autonomously fetches and processes web content, a malicious page encountered during a research run can drive execution on the host.

Command Injection N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-30623 CRITICAL Act Now

Command injection in LiteLLM 1.18.10 lets attackers who can configure MCP (Model Context Protocol) servers supply arbitrary `command` and `args` values in the server-creation JSON, which LiteLLM passes to the host OS without validation, yielding remote code execution as the LiteLLM process. The flaw is part of the broader MCP-stdio supply-chain advisory disclosed by ox.security across the AI ecosystem and is documented in LiteLLM's own April 2026 advisory. No public exploit is identified in the provided data, and EPSS is low (0.32%, 24th percentile), so widespread automated exploitation is not currently indicated despite the CVSS 9.8 rating.

RCE Command Injection N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-48345 HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 allows an attacker to run commands in the context of the current user via an OS command injection flaw (CWE-78) triggered when a victim opens a maliciously crafted file. The scope-changed CVSS 3.1 score of 8.2 reflects that successful exploitation can affect resources beyond the vulnerable application. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the primary risk gate is social-engineering the victim into opening a hostile document.

RCE Command Injection Adobe Animate 2023 Adobe Animate 2024
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2026-48347 HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 allows an attacker to run OS commands in the context of the current user when a victim opens a maliciously crafted file. The flaw is an OS command injection (CWE-78) with no public exploit identified at time of analysis and no active exploitation reported in CISA KEV; risk hinges on social-engineering a user into opening the file. Adobe published fixes in advisory APSB26-83.

RCE Command Injection Adobe Animate 2023 Adobe Animate 2024
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2026-56197 HIGH PATCH Exploit Unlikely This Week

Authenticated remote code execution in Microsoft Windows Admin Center (CWE-77) lets an attacker with low-privilege access inject and run arbitrary commands over the network, yielding full confidentiality, integrity, and availability compromise (CVSS 8.8). Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Microsoft Command Injection Windows Admin Center
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2026-55145 MEDIUM PATCH This Month

Improper neutralization of special elements used in a command ('command injection') in Outlook Copilot allows an authorized attacker to perform tampering over a network.

Microsoft Command Injection Microsoft Copilot
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2026-50488 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Clipboard User Service lets an already-authenticated low-privileged user run OS commands in the service's higher-privilege security context by injecting special elements into a command the service constructs (CWE-77). Affected platforms are Windows 11 24H2/25H2 and Windows Server 2025 (including Server Core). Microsoft has issued a patch; there is no public exploit identified at time of analysis and the flaw is not on the CISA KEV list.

Microsoft Command Injection Windows 11 Version 24H2 Windows 11 Version 25H2 Windows Server 2025 +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2026-58635 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Narrator (the built-in screen reader) arises from improper neutralization of special elements in its Braille support component, allowing an already-authenticated local attacker (PR:L) to inject and execute OS commands that run with elevated privileges. All supported Windows client and server builds from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019-2025 are affected, and Microsoft has released a patch. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, so exploitation is not confirmed as active.

Microsoft Command Injection Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2026-50520 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Visual Studio Code stems from a command injection flaw (CWE-77) that lets an attacker run arbitrary commands on the host with the privileges of the editor. Reported by Microsoft with a vendor patch available, the CVSS 3.1 score of 8.4 reflects full compromise of confidentiality, integrity, and availability via a local attack vector requiring no privileges or user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Command Injection Visual Studio Code
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2026-48561 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Remote code execution in the Microsoft 365 Copilot mobile apps for Android and iOS lets an unauthenticated attacker run code across a security boundary by getting a user to interact with crafted content (CWE-77 command injection). The CVSS 9.6 rating reflects network reach, low complexity, no privileges, and a changed scope with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, but a vendor patch is available and the flaw was self-reported by Microsoft.

Microsoft Command Injection Microsoft 365 Copilot For Android Microsoft 365 Copilot For Ios
NVD
CVSS 3.1
9.6
EPSS
0.8%
CVE-2026-15428 HIGH PATCH This Week

OS command injection in the TP-Link Archer VX1800v (v1) router lets an adjacent, high-privileged attacker inject shell metacharacters through the domain name parameter of an HTTP management interface, yielding arbitrary command execution as root and full device takeover. The flaw scores CVSS 4.0 8.5 (High) and a vendor firmware patch is available; no public exploit identified at time of analysis. Note a naming discrepancy in the source data - the free-text description says 'VX800v' while the CPE and tags reference 'VX1800V' - so verify the exact affected model against the TP-Link advisory before acting.

RCE Command Injection Archer Vx1800V V1
NVD
CVSS 4.0
8.5
EPSS
0.9%
CVE-2026-15427 HIGH PATCH This Week

Root-level OS command injection in the TR-069/CWMP management client of the TP-Link Archer VX1800v v1 gateway lets an attacker who controls (or has compromised) the ACS provisioning server inject unsanitized parameters that the device executes as system-level commands. Because CWMP provisioning is trusted implicitly, a malicious or hijacked ACS can push crafted values that yield arbitrary command execution as root and full device takeover. No public exploit identified at time of analysis, and the flaw was reported by TP-Link itself; a firmware fix is available.

Command Injection Archer Vx1800V V1
NVD
CVSS 4.0
8.6
EPSS
0.5%
CVE-2026-58479 CRITICAL POC Act Now

Remote command injection in the Sustainable Irrigation Platform (SIP) through version 5.2.16 lets unauthenticated or CSRF-driven attackers store a malicious payload via the optional cli_control plugin's HTTP endpoint and execute arbitrary OS commands on the host when the linked irrigation station is activated. Because the plugin ships with no passphrase protection or the well-known default passphrase 'opendoor', exploitation is trivial on default installs. Publicly available exploit code exists (ZeroScience/VulnCheck), though the flaw is not listed in CISA KEV, and the CVSS 4.0 base score is 9.2 (Critical).

CSRF Command Injection Sip
NVD
CVSS 4.0
9.2
EPSS
5.2%
CVE-2026-3014 MEDIUM This Month

OS command injection in Milestone Systems XProtect Management Server API enables authenticated users with edit permissions to execute arbitrary code as the Management Server Service. The CWE-78 flaw is network-accessible (AV:N) and requires no user interaction beyond possessing a privileged account, with CVSS 4.0 scope change metrics indicating high downstream impact (SC:H/SI:H/SA:H) to the broader surveillance infrastructure. No public exploit code or CISA KEV listing has been identified at time of analysis; Milestone has released patched versions addressed in their official advisory.

RCE Command Injection Xprotect Management Server
NVD VulDB
CVSS 4.0
6.4
EPSS
0.6%
CVE-2026-14852 MEDIUM PATCH This Month

Privilege escalation in Checkmk's mk_sap_hana agent plugin allows a local unprivileged user to execute arbitrary commands as root by planting a process whose name mimics a SAP HANA instance. The plugin, when running as root under the RUNAS=agent configuration and lacking explicit database configuration, blindly reads the OS process list to derive SAP HANA instance identifiers and injects them unsanitized into a shell command executed with root privileges - a textbook CWE-78 OS command injection. No public exploit code or CISA KEV listing exists at time of analysis, but the attack prerequisites are achievable on any misconfigured Checkmk deployment that monitors SAP environments.

Privilege Escalation SAP Command Injection Checkmk
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2026-15669 LOW POC Monitor

OS command injection in louisho5 picobot up to version 0.2.0 allows local low-privileged attackers to execute arbitrary operating system commands through the ExecTool.Execute function in internal/agent/tools/exec.go. A publicly available proof-of-concept exploit exists (GitHub issue #43), elevating practical risk despite the moderate CVSS 4.0 score of 4.8. No patch has been issued as the project maintainer has not responded to responsible disclosure, leaving all known deployments persistently exposed.

Command Injection Picobot
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.6%
CVE-2026-62392 CRITICAL Act Now

OS command injection in Apache Kylin (versions 4 through 5.0.3) allows attackers to execute arbitrary operating-system commands by supplying malicious job configuration parameters that a backend API passes unsanitized to the OS command line. Because Kylin runs as a distributed analytics engine, successful exploitation yields full host compromise with the privileges of the Kylin service account. Per the vendor CVSS (AV:N/PR:N), the flaw is scored as network-reachable and unauthenticated with high impact across confidentiality, integrity, and availability; no public exploit is identified at time of analysis, and it is not listed in CISA KEV.

Command Injection Apache Kylin
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2026-61498 CRITICAL POC Act Now

Remote OS command execution in Vitec Flamingo 4.12.2 lets unauthenticated attackers run arbitrary commands as root through the admin/ajax/gen_graphs.php graph-generation endpoint. The start, end, key, and format GET parameters are passed unsanitized into a PHP passthru() shell call, and because the web server runs with passwordless sudo the impact escalates to full root compromise. Publicly available exploit code exists (VulnCheck), though there is no CISA KEV listing, so this is a high-priority, easily weaponizable flaw.

Command Injection PHP Flamingo
NVD
CVSS 4.0
9.3
EPSS
2.2%
CVE-2026-60121 CRITICAL POC Act Now

Unauthenticated OS command injection in Vitec Flamingo 4.12.2 (IPTV distribution) lets remote attackers run arbitrary commands as root through the admin/ajax/ping.php endpoint. The flaw stems from a double-evaluation bug where a system wrapper re-uses the decoded, un-escaped host value in a second shell call executed via passwordless sudo. Publicly available exploit code exists (VulnCheck); no active exploitation is confirmed in CISA KEV at time of analysis.

Command Injection PHP Flamingo
NVD
CVSS 4.0
9.3
EPSS
1.4%
CVE-2026-22103 CRITICAL PATCH Act Now

Command injection in the evbee DC-80 EV charger allows remote unauthenticated attackers to execute arbitrary operating-system commands via the 'NPC start' endpoint exposed on the device's web server at TCP port 8090. Reported by DIVD (Dutch Institute for Vulnerability Disclosure), the flaw carries a CVSS 4.0 base score of 9.3 with a fully network-exploitable vector (AV:N/PR:N/UI:N) and high impact to confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; no EPSS score was supplied.

Command Injection Dc 80
NVD
CVSS 4.0
9.3
EPSS
1.3%
CVE-2026-22100 HIGH PATCH This Week

OS command injection in the EVBEE DC-80 electric-vehicle DC charger lets an actor who can send OCPP messages execute arbitrary commands as root by tampering with the data value of the vendor-specific `ReserveLogin` DataTransfer message. The flaw was reported by DIVD (Dutch Institute for Vulnerability Disclosure) and affects the charger's OCPP handling; no public exploit identified at time of analysis and it is not listed in CISA KEV. Because execution occurs as root, successful exploitation results in full compromise of the charging station.

Command Injection Dc 80
NVD
CVSS 4.0
8.6
EPSS
1.0%
CVE-2026-22095 CRITICAL PATCH Act Now

Remote code execution in the evbee DC-80 EV charging station is possible through a command injection flaw in the network diagnosis endpoint exposed on the web server at TCP port 8090. Because the CVSS 4.0 vector specifies no privileges and no user interaction (AV:N/PR:N/UI:N), a remote unauthenticated attacker who can reach port 8090 can inject operating-system commands and fully compromise the device. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the DIVD coordinated disclosure and 9.3 (Critical) score make it a high-priority defect.

Command Injection Dc 80
NVD
CVSS 4.0
9.3
EPSS
1.0%
CVE-2026-15547 LOW POC Monitor

OS command injection in Shibby Tomato firmware up to 1.28.0000 allows authenticated remote attackers to execute arbitrary commands on the underlying router OS by manipulating the cifs1 or cifs2 arguments passed to the CIFS Mount Handler function sub_2D048. A publicly available proof-of-concept exploit exists on Gitee, lowering the barrier to exploitation. The risk is compounded by the fact that Shibby Tomato is an end-of-life project with no active maintenance, superseded by FreshTomato, meaning no patch is forthcoming from the original vendor.

Command Injection Tomato
NVD VulDB
CVSS 4.0
2.1
EPSS
1.1%
CVE-2026-15546 LOW POC Monitor

OS command injection in Shibby Tomato router firmware through version 1.28.0000 allows low-privileged remote attackers to execute arbitrary OS commands by manipulating the jffs2_exec argument in the start_jffs2 component's sub_2D568 function. A publicly available proof-of-concept exploit exists on Gitee, confirming exploitability beyond theoretical analysis. The project is officially abandoned and superseded by FreshTomato, meaning no vendor patch will ever be released - remediation requires migrating to supported firmware.

Command Injection Tomato
NVD VulDB
CVSS 4.0
2.1
EPSS
1.1%
CVE-2026-15513 LOW POC PATCH Monitor

OS command injection in the Wavlink WL-NU516U1 router's CGI web administration interface allows authenticated network attackers to execute arbitrary operating system commands by injecting shell metacharacters into the lan_ip parameter of the adm.cgi endpoint. The wlink_uci_set_value function passes attacker-controlled input unsanitized into OS-level commands, enabling full compromise of the underlying Linux-based router OS. A public proof-of-concept exploit is available on GitHub (no public exploit identified at time of analysis for KEV), and the vendor has released a patched firmware as of June 22, 2026.

Command Injection Wl Nu516U1
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
1.4%
CVE-2026-15511 HIGH This Week

OS command injection in the Comfast CF-WR631AX V3 WiFi router (firmware through 2.7.0.8) lets remote attackers execute arbitrary operating-system commands by manipulating the filename argument in the system_wl_upload_pic_file routine of the /usr/bin/webmgnt FastCGI backend. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network exploitation, and publicly available exploit code exists (E:P). It is not listed in CISA KEV, so there is no confirmed active exploitation, but the public disclosure lowers the barrier for opportunistic attacks against exposed devices.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
2.7%
CVE-2026-15496 LOW POC Monitor

OS command injection in SonicCloudOrg sonic-agent up to version 2.7.2 allows remote low-privileged attackers to execute arbitrary system commands via the evalIsFailed function in the Groovy Script Handler component. The public proof-of-concept - titled 'Unsandboxed_RCE' - confirms that Groovy scripts are executed without a security sandbox, enabling full host-level command execution. Critically, this is an end-of-life product with no vendor response and no patch, meaning no fix is forthcoming; no public exploit identified in CISA KEV at time of analysis, but a public POC exists.

Command Injection Java Sonic Agent
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
1.2%
CVE-2026-15495 LOW POC Monitor

OS command injection in SonicCloudOrg sonic-agent (all versions up to 2.7.2) enables remote code execution through the Android WebSocket Server component. An authenticated remote attacker can manipulate the `path` argument in AndroidWSServer.java to inject arbitrary OS commands on the host running the agent. Publicly available exploit code exists (GitHub PoC by xpp3901), no vendor patch will be issued as the product is end-of-life, and the vendor is unresponsive to disclosure - creating a permanent, unmitigable risk for any active deployment.

Command Injection Java Google Sonic Agent
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
1.5%
CVE-2026-15487 MEDIUM Monitor

OS command injection in the TRENDnet TEW-821DAP wireless access point firmware enables authenticated remote attackers to execute arbitrary operating system commands by manipulating the Hostname parameter submitted to the /goform/system_ntp endpoint, processed by function sub_41FBD0. The device (v1.0R hardware, firmware 1.11B03) is confirmed end-of-life, and the vendor has explicitly declined to investigate or remediate the issue. No patch will be released; no public exploit code is confirmed at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-15486 MEDIUM PATCH Monitor

OS command injection in TRENDnet TEW-821DAP firmware 1.11B03 allows a network-adjacent authenticated attacker to execute arbitrary shell commands by manipulating the hostname, username, or password parameters in the DDNS configuration handler at /goform/tools_ddns. The affected product is officially end-of-life - the vendor has declined to issue a patch and disputes ability to confirm the vulnerability on the v1.0R hardware revision. No public exploit code or CISA KEV listing has been identified at time of analysis, though the CWE-78 vulnerability class is trivial to weaponize once firmware internals are mapped via the linked IOT research repository.

Command Injection Tew 821Dap
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-15485 MEDIUM PATCH Monitor

OS command injection in the TRENDnet TEW-821DAP 1.11B03 wireless access point allows authenticated remote attackers to execute arbitrary operating system commands by manipulating the nslookup_target or dns_server arguments passed to the DNS Lookup Handler at /goform/tools_nslookup (function sub_43F2C4). The affected device is end-of-life and the vendor has explicitly declined to patch it, stating they cannot confirm the vulnerability's existence for the TEW-821DAP v1.0R. No public exploit code or CISA KEV listing has been identified at time of analysis, though the network-accessible attack surface and EOL status make remediation by replacement the only viable long-term strategy.

Command Injection Tew 821Dap
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-15481 HIGH POC This Week

Command injection in the TRENDnet TEW-635BRM wireless router (firmware through 1.00.03) lets an authenticated remote attacker inject OS commands via the ipoa_ipaddr argument handled by the ipoa_test function in /sbin/rc during IPoA WAN connection setup. Publicly available exploit code exists (published via VulDB and a researcher write-up), and because the device runs its control logic as a privileged system process, successful injection yields full command execution on the router. The product has been end-of-life since 2011 and the vendor will not issue a fix, so exposure is permanent for still-deployed units; there is no CISA KEV listing or confirmation of active exploitation.

Command Injection Tew 635Brm
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-6784 HIGH This Week

Remote code execution in the Code Engine WordPress plugin (all versions ≤ 0.3.5) lets authenticated users with Contributor-level access or higher run arbitrary PHP/code on the server via the 'code-engine' shortcode, because the plugin fails to restrict access to its code-injection functionality. Reported by Wordfence, the flaw carries a CVSS 8.8 (high) rating; there is no public exploit identified at time of analysis, though the technique (abusing a shortcode that intentionally executes snippets) is straightforward for anyone with authoring rights. This turns the plugin's core 'run PHP snippets' feature into a privilege-escalation path from low-trust content contributors to full server code execution.

Command Injection WordPress RCE Code Engine Php Snippets Ai Functions Automation For Wordpress
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-30007 HIGH PATCH This Week

Privilege escalation to root in the HestiaCP web hosting control panel (versions before 1.9.5) lets any low-privilege authenticated user run arbitrary OS commands as root by injecting a single-quote into an unvalidated DNS record type field. The flaw chains weak input validation in is_dns_record_format_valid() with unsafe eval-based zone parsing in update_domain_zone(), turning a routine DNS record creation into full host takeover. No public exploit is identified at time of analysis, but VulnCheck has published a detailed advisory and the vendor shipped a fix in 1.9.5.

Command Injection RCE Hestiacp
NVD GitHub
CVSS 4.0
8.7
EPSS
2.1%
CVE-2026-54149 HIGH PATCH This Week

OS command injection in MaxKB (1Panel-dev's open-source enterprise AI assistant) before 2.10.0-lts lets an authenticated user achieve arbitrary command execution on the host by importing a crafted .tool file that declares an MCP stdio transport and triggering it through an AI Chat node. Because the tool-import path (apps/tools/serializers/tool.py) and the MCP referencing path (base_chat_step.py) fail to consistently validate the MCP transport type, the MultiServerMCPClient spawns the attacker's stdio command locally. Rated CVSS 8.8; no public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

Command Injection Maxkb
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-61434 HIGH PATCH This Week

Command execution allowlist bypass in PraisonAI before 4.6.78 lets a low-privileged attacker who can supply commands to the framework's restricted-execution feature slip past its shell-metacharacter filters by abusing find's built-in -exec, -execdir, and -delete actions. Because those actions run binaries and delete files entirely inside the find process, they never trip the metacharacter allowlist, so the attacker can read blocked files, delete arbitrary files, and launch non-allowlisted binaries. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the CVSS 4.0 base score of 8.7 (High) reflects full loss of confidentiality, integrity, and availability of the affected system.

Command Injection Praisonai
NVD GitHub
CVSS 4.0
8.7
EPSS
0.6%
CVE-2026-56688 CRITICAL PATCH Act Now

Root-level OS command execution in Dell PowerFlex Manager (versions prior to 5.1.0.1) lets a remote, high-privileged attacker inject operating-system commands during OS Repository processing, resulting in full appliance compromise. Because PowerFlex Manager orchestrates storage and HCI infrastructure, code execution as root also enables lateral movement into managed nodes. There is no public exploit identified at time of analysis, and Dell has released a fixed build (5.1.0.1) via advisory DSA-2026-066.

Command Injection Dell Powerflex Manager
NVD VulDB
CVSS 3.1
9.1
EPSS
1.3%
CVE-2026-41880 CRITICAL Act Now

OS command injection as root in the R-SOFT DMS Optical Character Recognition (OCR) module lets an authenticated attacker run arbitrary shell commands. Multiple OCR command-execution functions accept user-controllable file paths and pass them unsanitized to the system shell over SSH, yielding full root-level compromise of the document management server. No public exploit has been identified at time of analysis, and the flaw is mitigated in the default web-upload flow because URL encoding neutralizes the injection, which is reflected in the high attack complexity (AC:H).

Command Injection
NVD VulDB
CVSS 4.0
9.0
EPSS
1.3%
CVE-2026-41876 HIGH This Week

OS command injection in R-SOFT DMS lets an authenticated user run arbitrary shell commands as the web server account by abusing the document converter. The konwertujAction() routine builds shell commands from unsanitized file-path and format parameters (CWE-78), so any user who can trigger a conversion can inject commands. Discovery is credited to CERT Polska; no public exploit identified at time of analysis and it is not listed in CISA KEV. CVSS 4.0 base is 8.7 (High).

Command Injection
NVD VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2026-53932 PHP HIGH PATCH GHSA This Week

OS command injection in the wnx/laravel-backup-restore Composer package (fixed in v1.9.4) allows an attacker who can get a malicious backup archive restored to run arbitrary shell commands as the Laravel application user. The restore workflow interpolates an unescaped ZIP entry filename from the db-dumps directory directly into shell command strings (mysql, psql, sqlite3, gunzip) executed via Symfony Process::fromShellCommandline(), so shell metacharacters in the filename are interpreted by /bin/sh. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the flaw is trivially exploitable once a crafted archive reaches the restore path.

Command Injection Microsoft PHP
NVD GitHub
CVSS 3.1
8.0
CVE-2026-0286 MEDIUM PATCH This Month

Command injection in the Palo Alto Networks PAN-OS management plane allows an authenticated administrator to execute arbitrary OS commands with root privileges on PA-Series, VM-Series, and Panorama appliances. The vulnerability is classified CWE-78 and is reachable via the network-accessible management interface, though the requirement for administrator-level credentials substantially constrains the attacker pool. No public exploit code has been identified at time of analysis, and no active exploitation has been confirmed by CISA KEV.

Command Injection Paloalto Pan Os
NVD VulDB
CVSS 4.0
6.0
EPSS
1.1%
CVE-2026-59734 HIGH PATCH This Week

Authenticated command injection in Coolify (self-hosted PaaS) before 4.0.0-beta.469 allows a logged-in user to run arbitrary shell commands inside deployment containers by supplying malicious health-check parameters. The generate_healthcheck_commands() routine in ApplicationDeploymentJob.php interpolates the health_check_host, health_check_method, and health_check_path values straight into a shell command line, so any user able to configure an application's health check gains OS command execution during deployment. No public exploit identified at time of analysis, but the upstream fix and advisory (GHSA-4fhp-xqqp-w7vv) publicly document the vulnerable code path.

Command Injection PHP
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-59726 CRITICAL PATCH Act Now

Unauthenticated remote code execution in Ruflo (an agent meta-harness for Claude Code and Codex) before 3.16.3 arises because the default docker-compose deployment exposes the MCP bridge's POST /mcp and POST /mcp/:group endpoints with no authentication. A network attacker can send a JSON-RPC tools/call to the terminal_execute tool to gain an interactive shell inside the bridge container, exfiltrate provider API keys, and tamper with AgentDB learning-store patterns. Rated CVSS 10.0 with a scope change; no public exploit identified at time of analysis, and it is not in CISA KEV.

Command Injection Docker
NVD GitHub
CVSS 3.1
10.0
EPSS
0.4%
CVE-2026-59721 HIGH PATCH This Week

Command injection in self-hosted Hoppscotch instances prior to 2026.6.0 allows an authenticated administrator to achieve root-level code execution in the backend container. The updateInfraConfigs GraphQL mutation accepts an attacker-controlled MAILER_SMTP_URL whose path, query, or fragment is parsed by nodemailer into sendmail transport options, turning SMTP configuration into arbitrary command execution once the service restarts and sends mail. No public exploit identified at time of analysis, but the flaw is confirmed and patched upstream in release 2026.6.0.

Command Injection
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2026-55420 HIGH PATCH This Week

Remote code execution in Discourse (via the discourse-ai plugin's PDF-to-text feature) allows an attacker who can upload a crafted PDF to run arbitrary commands on the server, but only in non-default configurations where an LLM vision model is configured. The flaw is a CWE-78 OS command injection reached when uploaded PDFs are rasterized through ImageMagick, which in turn invokes an external delegate (Ghostscript) on attacker-controlled input. It is not in CISA KEV and has no public exploit identified at time of analysis; EPSS is low at 0.33% (25th percentile), and vendor patches exist across all supported release lines.

Command Injection Discourse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-15193 LOW Monitor

OS command injection in the Android WebView JavaScript bridge of openclaw-android (versions up to 0.4.0) permits a local, low-privileged attacker to execute arbitrary OS commands through the `JsBridge.kt` component. Exploitation is constrained to local device access, limiting real-world blast radius, but a publicly disclosed proof-of-concept exists per the CVSS 4.0 E:P supplemental metric. No patch has been released - a remediation pull request (#137) is pending acceptance, leaving all users on version 0.4.0 or earlier exposed.

Command Injection Java Google
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.7%
CVE-2026-58459 HIGH PATCH This Week

Arbitrary shell command execution in gpsd's gpsprof profiling tool (through release-3.27.5) allows an attacker who controls a GPS device's subtype value to run commands as the user rendering the plot. The subtype string - taken from a DEVICES JSON log entry or an NMEA PGRMT sentence - is embedded into a generated gnuplot program's `set title` statement with only double quotes escaped, so backtick payloads execute when the victim renders the plot via the gpsprof/gnuplot workflow. This was reported by VulnCheck; a vendor fix is available (fixed at commit 4c06658), and there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Command Injection Gpsd
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.7%
CVE-2026-41857 HIGH PATCH This Week

Arbitrary command execution on operator workstations in Cloud Foundry BOSH CLI before 7.10.5 allows a compromised or malicious BOSH Director to inject and run shell commands locally when an operator invokes bosh ssh, bosh scp, or bosh logs -f with default flags. Because the CLI trusts director-supplied data and passes it into a shell, a controlled director turns a routine operator action into local code execution on the trusted management host. No public exploit identified at time of analysis; not listed in CISA KEV, though the reference blog by Cloud Foundry (originally reported by VMware) confirms the flaw and a fixed release.

Bosh Cli Command Injection
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-52831 Go CRITICAL POC PATCH GHSA Act Now

OS command injection in Nuclio (serverless platform) versions <= 1.15.27 lets attackers run arbitrary shell commands as root inside Kubernetes CronJob pods by submitting a function with a crafted cron trigger. The controller concatenates unsanitized `event.headers` keys and `event.body` values into a `/bin/sh -c` curl string; a header key containing a double-quote breaks quoting, and a body containing `$()` triggers command substitution (strconv.Quote does not escape it). Because the Nuclio Dashboard API is unauthenticated in its default configuration, this is remotely reachable; no public exploit is identified in KEV, though a detailed, dynamically-verified PoC accompanies the advisory.

Python Kubernetes Microsoft Docker Command Injection +1
NVD GitHub
CVSS 3.1
10.0
CVE-2026-60102 HIGH PATCH This Week

OS command injection in the Horde_Vfs_Smb driver of the Horde Virtual File System (VFS) API before 3.0.1 lets authenticated users execute arbitrary shell commands on the server. The flawed _escapeShellCommand() method fails to neutralize shell command-substitution sequences, so attacker-controlled filenames passed through routine file operations are interpolated into a double-quoted /bin/sh -c context and executed via proc_open() before smbclient runs. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch (v3.0.1) exists and the CVSS 4.0 base score is 7.7 (High).

Command Injection File Upload Vfs
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
1.8%
CVE-2026-24700 HIGH This Week

An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machine_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.

Command Injection Cisco Rv130 Firmware Rv130W Firmware Rv110W Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2026-24699 HIGH This Week

An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lan_ipv6_prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.

Command Injection Cisco Rv130 Firmware Rv130W Firmware Rv110W Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2026-24698 HIGH This Week

Root-level OS command injection in Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5/1.2.2.8) small-business routers lets an authenticated remote attacker run arbitrary commands via the unsanitized model_name parameter in the httpd binary's save_syslog_to_file() function. Because injected commands run as root, successful exploitation yields full device takeover. Publicly available exploit code exists (SSVC exploitation status: poc) but the flaw is not listed in CISA KEV.

Command Injection Cisco Rv130 Firmware Rv130W Firmware Rv110W Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2026-24697 HIGH This Week

Root-level OS command injection in Cisco RV130, RV130W, and RV110W small-business routers lets an authenticated remote administrator inject arbitrary shell commands through the wan_hostname parameter, which is passed unsanitized into the start_bonjour() routine of the 'rc' binary. Because the 'rc' process runs as root, successful exploitation yields full command execution and complete device takeover. Publicly available exploit details exist in an IoT vulnerability write-up; there is no evidence of active exploitation (not in CISA KEV) and no EPSS score was provided.

Command Injection Cisco Rv130 Firmware Rv130W Firmware Rv110W Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2026-54344 MEDIUM PATCH This Month

Command injection in ToolJet's GitHub Actions render preview deployment workflow allows any GitHub user capable of commenting on an open pull request to execute arbitrary shell commands on the CI runner and exfiltrate deployment secrets. The root cause is unsanitized interpolation of `github.event.comment.body` directly into a bash conditional within a `run` step, meaning a single malicious PR comment can pivot to full CI runner compromise. No CISA KEV listing exists at time of analysis, but the attack technique - GitHub Actions expression injection - is extremely well-documented publicly, making practical exploitation trivial for any GitHub user with PR commenting rights.

Command Injection Tooljet
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2026-15035 PyPI LOW Monitor

Command injection in bentoml OpenLLM 0.6.30 allows local low-privilege users to execute arbitrary shell commands by supplying crafted model repository directory name arguments to the `async_run_command` function in `src/openllm/common.py`. A public proof-of-concept exploit is available per the CVSS 4.0 E:P modifier and disclosure notes, though no CISA KEV listing exists and the project had not responded to responsible disclosure at the time of reporting. The CVSS 4.0 base score of 1.9 reflects a constrained real-world risk profile due to the strictly local attack vector and limited Low-rated confidentiality, integrity, and availability impact.

Command Injection Openllm
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.6%
CVE-2026-15033 MEDIUM This Month

OS command injection in christopherthielen/check-peer-dependencies up to version 4.3.4 allows remote low-privileged attackers to execute arbitrary operating system commands via the shelljs.exec() call in dist/packageUtils.js when processing peerDependency data. The vulnerable code path passes unsanitized dependency-related input directly to a shell execution function, a classic CWE-78 pattern. No vendor patch is available at time of analysis - the project maintainer has not responded to the issue report filed on GitHub (issue #74), and no KEV listing exists. EPSS data was not provided, so broad exploitation probability cannot be quantified.

Command Injection Check Peer Dependencies
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
1.1%
CVE-2026-53533 PyPI MEDIUM PATCH GHSA This Month

SMTP command injection in aiosmtplib (all versions through 5.1.0) enables any attacker who can influence email addresses passed to SMTP.mail(), SMTP.rcpt(), SMTP.vrfy(), SMTP.expn(), or the higher-level SMTP.sendmail() to inject arbitrary SMTP protocol commands by embedding CR/LF bytes in the address string. Applications that accept sender or recipient addresses from untrusted input - web forms, APIs - and forward them to these methods without CR/LF sanitization are at risk of session desynchronization, client-side denial of service via SMTP client hang, or delivery of attacker-crafted email through the victim application's SMTP connection. No vendor-released patch version is confirmed from available data at time of analysis, and no public exploit has been identified.

Command Injection Denial Of Service
NVD GitHub
CVE-2026-59800 npm CRITICAL POC PATCH GHSA Act Now

Remote unauthenticated OS command injection in 9Router before 0.4.44 lets attackers run arbitrary commands as root via the POST /api/tunnel/tailscale-install endpoint, which is excluded from the dashboard authorization middleware. The attacker-supplied sudoPassword field is piped to the stdin of a 'sudo -S sh' child process; when sudo does not prompt for a password, sh interprets that value as a shell command. Active exploitation evidence was reported by the Shadowserver Foundation on 2026-07-04; this is not (yet) listed in CISA KEV, and no public exploit code is referenced in the supplied data.

Command Injection
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
1.4%
CVE-2026-53479 HIGH PATCH This Week

OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2024 branches) lets an already-authenticated, high-privileged remote user break out of the appliance's restricted management context and run arbitrary commands as root. Dell rates it Critical because the flaw defeats the platform's protection mechanism and yields full root-level code execution on the backup appliance. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Dell explicitly urges customers to upgrade at the earliest opportunity.

Command Injection Dell Powerprotect Data Domain
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2026-40187 PHP HIGH POC PATCH GHSA This Week

Authenticated OS command execution in EGroupware allows an administrator to escalate from web-application access to arbitrary shell commands as the web server user (typically www-data). The flaw lives in the eTemplate engine's Widget::expand_name(), where widget attribute values are passed into a PHP eval() with only double-quotes escaped, leaving backtick shell-execution operators intact; an admin uploads a malicious .xet template to the /etemplates VFS mount to trigger it. A detailed proof-of-concept is published in the vendor's GitHub Security Advisory (publicly available exploit code exists), though there is no evidence of active exploitation.

Command Injection PHP RCE Docker
NVD GitHub
CVE-2026-42201 LOW PATCH Monitor

OS command injection in Coolify's database service configuration API allows authenticated administrators to execute arbitrary shell commands within Docker container contexts by embedding shell metacharacters into database credential fields. All Coolify versions prior to 4.0.0-beta.474 are affected, covering deployments managing Redis, KeyDB, Dragonfly, ClickHouse, PostgreSQL, and MySQL services. No public exploit code has been identified at time of analysis, and the CVSS PR:H requirement confines the attack surface to already-privileged admin accounts, positioning this as a post-compromise escalation risk rather than an initial access vector.

Command Injection Docker Coolify
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.2%
CVE-2026-34158 HIGH PATCH This Week

OS command injection in Coolify, the open-source self-hostable server/application/database management PaaS, allows an authenticated user with permission to edit application settings (versions prior to 4.0.0-beta.469) to run arbitrary commands on the managed host. The flaw lives in the executeInDocker() helper, which wraps user-controlled values in single quotes without escaping embedded quotes, letting an attacker break out of the quoted shell context during deployments and escape the intended Docker container confinement. No public exploit identified at time of analysis; this is not listed in CISA KEV.

Command Injection Docker Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-34057 HIGH PATCH This Week

OS command injection in Coolify's self-hosted server/app management platform lets an authenticated user achieve remote code execution on the underlying host via a malicious database import container name. The database import Livewire component passes client-controlled container and server properties into shell commands without locking or validation, so any low-privileged authenticated user can inject arbitrary commands. Rated CVSS 8.8 and fixed in 4.0.0-beta.471; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Command Injection PHP Coolify
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-42143 HIGH PATCH This Week

OS command injection in Coolify (self-hosted server/application/database management platform) versions prior to 4.0.0-beta.471 allows an authenticated low-privileged member to run arbitrary commands as root on managed servers by embedding shell metacharacters in persistent volume names, which are interpolated unescaped into shell commands during volume operations. The CVSS 3.1 score is 8.8 (High) with a network vector requiring only low privileges. No public exploit identified at time of analysis; an upstream fix commit and a tagged patched release exist.

Command Injection Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-34152 HIGH PATCH This Week

Command injection in Coolify before 4.0.0-beta.471 lets an authenticated user break out of the pre-deployment and post-deployment command fields and run arbitrary shell statements on the target deployment server. The supplied commands are single-quote escaped but then piped through an SSH heredoc transport that preserves newlines, so newline-delimited injected statements survive escaping and execute during deployment. No public exploit is identified at time of analysis, though the fixing pull request and commit are public and make the root cause easy to reconstruct; CVSS is 8.8 (High).

Command Injection Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-34149 LOW PATCH Monitor

Command injection in Coolify's DatabaseBackupJob allows authenticated users holding database management permissions to execute arbitrary OS commands on managed servers by embedding shell metacharacters in database credentials or MongoDB collection exclusion names. All Coolify releases prior to 4.0.0-beta.471 are affected. No public exploit code has been identified at time of analysis and the vulnerability is absent from CISA KEV; however, the practical impact substantially exceeds the official CVSS 3.3 Low rating because successful exploitation grants attacker-controlled shell execution on production infrastructure managed by the platform.

Command Injection Coolify
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2026-34034 HIGH PATCH This Week

Authenticated command injection in Coolify (self-hosted server/application/database management platform) before 4.0.0-beta.466 lets a user with access to a server's Sentinel settings embed shell metacharacters in the sentinel_token value, which is passed unsanitized into a shell command and executed on the host the next time Sentinel is restarted (CWE-78). The flaw yields full host command execution with confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the vendor has released a fixed build (v4.0.0-beta.466) with an available upstream commit.

Command Injection Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-34168 HIGH PATCH This Week

OS command injection in Coolify (self-hosted server/app management platform) before 4.0.0-beta.471 lets an authenticated user embed shell metacharacters in a LocalPersistentVolume storage name, which is interpolated unescaped into docker volume shell commands and executed on managed servers when the associated resource is deleted. Rated CVSS 8.8 (CWE-78), it yields arbitrary command execution on downstream hosts controlled by the Coolify instance. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the fix is confirmed in release 4.0.0-beta.471.

Command Injection Docker Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-34058 HIGH PATCH This Week

OS command injection in Coolify's self-hosted server-management platform (all versions prior to 4.0.0-beta.471) lets any authenticated team member execute arbitrary shell commands on any managed remote server. The flaw lives in the Livewire Server\Resources component, whose public startUnmanaged/stopUnmanaged/restartUnmanaged methods take a browser-supplied container ID and interpolate it unescaped into SSH-executed shell commands. No public exploit identified at time of analysis and it is not in CISA KEV, but the trivially low complexity (CVSS 8.8) makes exploitation straightforward for anyone with a team account.

Command Injection Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-34035 HIGH PATCH This Week

OS command injection in Coolify (self-hosted server/application/database management platform) before 4.0.0-beta.466 lets an authenticated user execute arbitrary commands on the host by supplying log drain secret or environment values that are interpolated into shell commands without proper encoding. Because Coolify orchestrates the underlying host, the injected commands run with the platform's host-level context, effectively yielding host takeover. No public exploit identified at time of analysis; this is not in CISA KEV and no POC is referenced, so risk is driven by the ease of authenticated exploitation rather than confirmed in-the-wild activity.

Command Injection Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-42153 HIGH PATCH This Week

Command injection in Coolify self-hosted PaaS versions prior to 4.0.0-beta.474 allows an authenticated user to run arbitrary OS commands inside the PostgreSQL database container by supplying malicious postgres_user or postgres_db values that are interpolated into shell-form healthcheck commands (CWE-78). Because the CVSS vector is PR:L/UI:N with full high impact to confidentiality, integrity, and availability, any user able to create or configure a database can achieve container-level code execution. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Command Injection PostgreSQL Coolify
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-34049 LOW PATCH Monitor

Command injection in Coolify's MongoDB backup handler (versions 4.0.0-beta.451 through 4.0.0-beta.470) allows a highly privileged attacker who controls backup configuration to inject OS-level shell commands via unsanitized metacharacters in MongoDB collection names. The attack requires an already-administrative account capable of modifying backup inputs, substantially limiting the realistic threat surface. No public exploit has been identified and this vulnerability is not listed in CISA KEV; the vendor released a fix in v4.0.0-beta.471.

Command Injection Coolify
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.2%
CVE-2026-34599 HIGH PATCH This Week

Privilege escalation to root command execution in Coolify (self-hosted PaaS) prior to 4.0.0-beta.471 lets any authenticated user holding the lowest-privilege team 'member' role run arbitrary OS commands as root on every server Coolify manages. The flaw lives in the GetLogs Livewire component, whose $container public property is unsanitized and lacks the #[Locked] attribute, so any team member can tamper with it over the Livewire wire protocol. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but the low authentication barrier and full CIA impact make it high priority for any multi-tenant Coolify deployment.

Command Injection Docker Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2026-42204 HIGH PATCH This Week

OS command injection in Coolify (self-hosted server/app/database management platform) versions 4.0.0-beta.471 through 4.0.0-beta.473 lets an authenticated team member run arbitrary shell commands on the underlying host. A regression weakened the SHELL_SAFE_COMMAND_PATTERN allowlist so that ampersands were permitted in custom Docker Compose build, start, and pre/post-deployment command fields, enabling command chaining. The issue is fixed in 4.0.0-beta.474; no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Command Injection Docker Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVSS 8.8
HIGH This Week

OS command injection in Pheditor 2.0.1 through 2.0.5 lets an authenticated user with the default-enabled `terminal` permission bypass the TERMINAL_COMMANDS allowlist and run arbitrary shell commands as the web server user. The flaw is an incomplete fix for GHSA-9643-6xjp-vx57: the sanitization blocklist added `$` but still misses the single pipe `|`, backtick, and newline (0x0A), each of which starts with a whitelisted prefix and slips past both filters. A fully working exploit is published in the GHSA advisory, and because Pheditor ships with the default password `admin`, the required authentication is frequently trivial to obtain, effectively lowering the barrier to unauthenticated RCE.

Command Injection PHP
NVD GitHub
CVSS 8.8
HIGH This Week

Authenticated command-injection in Pheditor 2.0.4 lets any user holding the 'terminal' permission bypass the TERMINAL_COMMANDS allowlist and run arbitrary OS commands as the web server user. The terminal handler only blocks '&', ';', and '||' and validates commands with a prefix check before handing the full string to shell_exec(), so shell substitution like ls$(...) satisfies the allowlist while executing attacker-controlled code. A working PoC is published in the GitHub advisory, though there is no public exploit identified as a standalone weaponized tool and no active exploitation reported.

Command Injection Docker PHP
NVD GitHub
CVSS 8.8
HIGH This Week

PowerShell command injection in Lenovo XClarity Integrator for Microsoft Windows Admin Center (versions 5.1.1 and below) running on the WAC Gateway allows an authenticated low-privileged attacker to inject arbitrary PowerShell commands when the plugin establishes remote PowerShell sessions. Successful exploitation yields high-impact code execution that extends beyond the plugin into subsequent systems (managed hosts), with full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Lenovo Microsoft Command Injection +1
NVD VulDB
CVSS 9.3
CRITICAL PATCH Act Now

Command injection in Microsoft Kiota before 1.32.5 lets a malicious or compromised OpenAPI description dictate the install command that Kiota presents to developers. When a developer runs `kiota info` (or the VS Code extension's `kiota info --json` dependency-install flow) against an attacker-controlled spec, Kiota reads the `x-ms-kiota-info.languagesInformation.<language>.dependencyInstallCommand` field plus attacker-chosen dependency name/version values and surfaces them as its trusted recommended install command, achieving arbitrary command execution when that command is run. No public exploit has been identified at time of analysis and it is not in CISA KEV, but the fix explicitly removes the untrusted extension field.

Command Injection RCE Code Injection +1
NVD GitHub
CVSS 9.2
CRITICAL Act Now

OS command injection in WWBN AVideo through version 29.0 allows attackers to execute arbitrary operating-system commands as the web-server user via the ffmpeg.json.php endpoint. The notifyCode and callback request parameters are concatenated into a shell command without escaping, so an attacker able to produce a valid encrypted payload can inject shell metacharacters and achieve remote code execution. No public exploit identified at time of analysis; the flaw carries a CVSS 4.0 base score of 9.2, though successful exploitation is gated by the requirement to forge a valid encrypted payload.

PHP Command Injection Avideo
NVD GitHub
CVSS 9.2
CRITICAL Act Now

OS command injection in AVideo (WWBN) through version 29.0 lets remote attackers who can forge a valid encrypted codeToExec payload run arbitrary shell commands as the web-server user via the listFFmpegProcesses() function in the standAlone plugin API. The flaw is unauthenticated (PR:N) but non-trivial to reach because it depends on producing an accepted encrypted parameter, and no public exploit or CISA KEV listing is identified at time of analysis.

PHP Command Injection Avideo
NVD GitHub VulDB
HIGH POC PATCH This Week

OS command injection in the Node.js `systeminformation` library (npm, versions <= 5.31.6) lets a local actor run arbitrary commands with the privileges of any process that calls `networkInterfaces()` on Linux. While collecting DHCP state, `checkLinuxDCHPInterfaces()` reads Debian/Ubuntu `interfaces(5)` files and interpolates each `source <path>` token - read from file content - unquoted into a `cat ... | grep` string executed via `execSync()`/`/bin/sh`. Publicly available exploit code exists (a verbatim-sink PoC in the advisory); there is no CISA KEV listing and no CVSS score was assigned by the source, but a vendor patch (5.31.7) is available.

Debian Node.js Apple +3
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL Act Now

OS command injection in Wekan (the open-source Meteor-based kanban board) before version 9.07 lets an authenticated user execute arbitrary commands on the server by uploading an avatar with shell metacharacters in its filename. The user-supplied filename is embedded into a shell string passed to child_process.exec() for MIME-type detection in models/avatars.js and models/fileValidation.js, so backticks or $() in the name run as server-side commands. No public exploit is identified at time of analysis, but the vendor commit and advisory confirm the flaw; it is fixed in v9.07.

Command Injection Wekan
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

GitHub Actions expression injection in MaaAssistantArknights' dev-v2 CI (release-preparation.yml) lets an external attacker execute arbitrary shell commands on the ubuntu-latest runner by opening a non-draft fork pull request whose title begins with 'Release v'. The attacker-controlled pull_request.title was inlined directly into a run: block during opened, reopened, and ready_for_review events, so a crafted title breaks out of the sed command in the generate-changelog job. No public exploit has been identified at time of analysis and it is not in CISA KEV, but the class is trivially weaponizable and the fix commit (cafc3946) is public. EPSS was not provided.

Ubuntu Command Injection Maaassistantarknights
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Authenticated remote code execution in 9Router before 0.5.2 lets a logged-in attacker run arbitrary OS commands on the host by chaining a Host-header spoof (to reach routes that are supposed to be localhost-only) with unsanitized MCP plugin arguments that flow into child_process.spawn() via the /api/mcp//sse endpoint. Rated CVSS 8.8 (CWE-78, OS command injection), it is fixed in 0.5.2; no public exploit or CISA KEV listing exists at time of analysis, though a vendor advisory and fix commit are published.

RCE Command Injection 9Router
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Command injection in NocoBase's @nocobase/plugin-backups prior to v2.1.19 allows an authenticated backup-management user to execute arbitrary OS commands as the NocoBase server process by restoring a crafted backup archive. The database.schema field from a backup's _metadata.json is interpolated directly into a shell command string passed to Node.js child_process.exec(), a classic CWE-78 pattern that bypasses any sanitization at the shell level. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis, but the commit diff confirms the mechanism is straightforward and the fix is available in v2.1.19.

Node.js Command Injection PostgreSQL +1
NVD GitHub
EPSS 1% CVSS 8.4
HIGH PATCH This Week

OS command injection in AWS jsii-diff before 1.131.0 lets a context-dependent attacker execute arbitrary shell commands when a victim runs the tool against an attacker-controlled 'npm:' source specifier. The npm package-loading component fails to sanitize the package specifier before passing it to a shell, so a crafted specifier is interpreted as a command. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; a vendor-released patch (v1.131.0) is available.

Node.js Command Injection
NVD GitHub
CVSS 8.8
HIGH POC This Week

Authenticated remote code execution in LangBot (pip package 'langbot', versions <= 4.10.5) allows any logged-in user to run arbitrary OS commands on the host by registering a malicious 'STDIO' MCP server through the Extensions > MCP configuration UI. Because LangBot passes the user-supplied command straight to the MCP SDK's StdioServerParameters, which spawns it as a subprocess, an attacker who signs up or uses stolen credentials gains full host takeover. A step-by-step and video proof-of-concept is public (publicly available exploit code exists), though there is no confirmed active exploitation.

RCE Command Injection
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Command injection in Tabby (formerly Terminus) terminal emulator before 1.0.234 lets an attacker achieve code execution by tricking a victim into dragging and dropping a crafted file whose path contains shell command-substitution metacharacters ($(...) or backticks). Because the drop handler in tabby-electron/src/pathDrop.ts inserted the raw path into the active shell without neutralizing these characters, the payload runs when the victim presses Enter. This is an incomplete-fix follow-up to CVE-2026-45038, which only addressed control characters; no public exploit is identified at time of analysis and it is not listed in CISA KEV.

RCE Command Injection Tabby
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

OS command execution in PraisonAI before 4.6.78 lets an attacker who can supply a workflow definition escape the inline-Python sandbox and run arbitrary shell commands with the privileges of the agent process. The flaw lives in JobWorkflowExecutor._exec_inline_python(), whose AST-based validation fails to reject `import os` followed by `os.system()`, turning a malicious YAML workflow file into RCE. No public exploit code or CISA KEV listing is identified at time of analysis, though the bypass technique is described in detail in the vendor advisory.

RCE Command Injection Praisonai
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote command execution in Open Source GPT Researcher v3.3.7 lets attackers run arbitrary OS commands on a victim's machine when the user interacts with a crafted HTML page, exploiting a command injection (CWE-77) weakness. The flaw was reported by MITRE and detailed in ox.security research covering RCE across the AI/MCP ecosystem; no public exploit is identified in CISA KEV, and EPSS probability is low (0.21%). Because GPT Researcher autonomously fetches and processes web content, a malicious page encountered during a research run can drive execution on the host.

Command Injection N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Command injection in LiteLLM 1.18.10 lets attackers who can configure MCP (Model Context Protocol) servers supply arbitrary `command` and `args` values in the server-creation JSON, which LiteLLM passes to the host OS without validation, yielding remote code execution as the LiteLLM process. The flaw is part of the broader MCP-stdio supply-chain advisory disclosed by ox.security across the AI ecosystem and is documented in LiteLLM's own April 2026 advisory. No public exploit is identified in the provided data, and EPSS is low (0.32%, 24th percentile), so widespread automated exploitation is not currently indicated despite the CVSS 9.8 rating.

RCE Command Injection N A
NVD GitHub VulDB
EPSS 1% CVSS 8.2
HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 allows an attacker to run commands in the context of the current user via an OS command injection flaw (CWE-78) triggered when a victim opens a maliciously crafted file. The scope-changed CVSS 3.1 score of 8.2 reflects that successful exploitation can affect resources beyond the vulnerable application. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the primary risk gate is social-engineering the victim into opening a hostile document.

RCE Command Injection Adobe Animate 2023 +1
NVD
EPSS 1% CVSS 7.7
HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 allows an attacker to run OS commands in the context of the current user when a victim opens a maliciously crafted file. The flaw is an OS command injection (CWE-78) with no public exploit identified at time of analysis and no active exploitation reported in CISA KEV; risk hinges on social-engineering a user into opening the file. Adobe published fixes in advisory APSB26-83.

RCE Command Injection Adobe Animate 2023 +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Authenticated remote code execution in Microsoft Windows Admin Center (CWE-77) lets an attacker with low-privilege access inject and run arbitrary commands over the network, yielding full confidentiality, integrity, and availability compromise (CVSS 8.8). Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Microsoft Command Injection Windows Admin Center
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Improper neutralization of special elements used in a command ('command injection') in Outlook Copilot allows an authorized attacker to perform tampering over a network.

Microsoft Command Injection Microsoft Copilot
NVD
EPSS 1% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Clipboard User Service lets an already-authenticated low-privileged user run OS commands in the service's higher-privilege security context by injecting special elements into a command the service constructs (CWE-77). Affected platforms are Windows 11 24H2/25H2 and Windows Server 2025 (including Server Core). Microsoft has issued a patch; there is no public exploit identified at time of analysis and the flaw is not on the CISA KEV list.

Microsoft Command Injection Windows 11 Version 24H2 +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Narrator (the built-in screen reader) arises from improper neutralization of special elements in its Braille support component, allowing an already-authenticated local attacker (PR:L) to inject and execute OS commands that run with elevated privileges. All supported Windows client and server builds from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019-2025 are affected, and Microsoft has released a patch. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, so exploitation is not confirmed as active.

Microsoft Command Injection Windows 10 Version 1809 +10
NVD
EPSS 1% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Visual Studio Code stems from a command injection flaw (CWE-77) that lets an attacker run arbitrary commands on the host with the privileges of the editor. Reported by Microsoft with a vendor patch available, the CVSS 3.1 score of 8.4 reflects full compromise of confidentiality, integrity, and availability via a local attack vector requiring no privileges or user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Command Injection Visual Studio Code
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft 365 Copilot mobile apps for Android and iOS lets an unauthenticated attacker run code across a security boundary by getting a user to interact with crafted content (CWE-77 command injection). The CVSS 9.6 rating reflects network reach, low complexity, no privileges, and a changed scope with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, but a vendor patch is available and the flaw was self-reported by Microsoft.

Microsoft Command Injection Microsoft 365 Copilot For Android +1
NVD
EPSS 1% CVSS 8.5
HIGH PATCH This Week

OS command injection in the TP-Link Archer VX1800v (v1) router lets an adjacent, high-privileged attacker inject shell metacharacters through the domain name parameter of an HTTP management interface, yielding arbitrary command execution as root and full device takeover. The flaw scores CVSS 4.0 8.5 (High) and a vendor firmware patch is available; no public exploit identified at time of analysis. Note a naming discrepancy in the source data - the free-text description says 'VX800v' while the CPE and tags reference 'VX1800V' - so verify the exact affected model against the TP-Link advisory before acting.

RCE Command Injection Archer Vx1800V V1
NVD
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Root-level OS command injection in the TR-069/CWMP management client of the TP-Link Archer VX1800v v1 gateway lets an attacker who controls (or has compromised) the ACS provisioning server inject unsanitized parameters that the device executes as system-level commands. Because CWMP provisioning is trusted implicitly, a malicious or hijacked ACS can push crafted values that yield arbitrary command execution as root and full device takeover. No public exploit identified at time of analysis, and the flaw was reported by TP-Link itself; a firmware fix is available.

Command Injection Archer Vx1800V V1
NVD
EPSS 5% CVSS 9.2
CRITICAL POC Act Now

Remote command injection in the Sustainable Irrigation Platform (SIP) through version 5.2.16 lets unauthenticated or CSRF-driven attackers store a malicious payload via the optional cli_control plugin's HTTP endpoint and execute arbitrary OS commands on the host when the linked irrigation station is activated. Because the plugin ships with no passphrase protection or the well-known default passphrase 'opendoor', exploitation is trivial on default installs. Publicly available exploit code exists (ZeroScience/VulnCheck), though the flaw is not listed in CISA KEV, and the CVSS 4.0 base score is 9.2 (Critical).

CSRF Command Injection Sip
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

OS command injection in Milestone Systems XProtect Management Server API enables authenticated users with edit permissions to execute arbitrary code as the Management Server Service. The CWE-78 flaw is network-accessible (AV:N) and requires no user interaction beyond possessing a privileged account, with CVSS 4.0 scope change metrics indicating high downstream impact (SC:H/SI:H/SA:H) to the broader surveillance infrastructure. No public exploit code or CISA KEV listing has been identified at time of analysis; Milestone has released patched versions addressed in their official advisory.

RCE Command Injection Xprotect Management Server
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Privilege escalation in Checkmk's mk_sap_hana agent plugin allows a local unprivileged user to execute arbitrary commands as root by planting a process whose name mimics a SAP HANA instance. The plugin, when running as root under the RUNAS=agent configuration and lacking explicit database configuration, blindly reads the OS process list to derive SAP HANA instance identifiers and injects them unsanitized into a shell command executed with root privileges - a textbook CWE-78 OS command injection. No public exploit code or CISA KEV listing exists at time of analysis, but the attack prerequisites are achievable on any misconfigured Checkmk deployment that monitors SAP environments.

Privilege Escalation SAP Command Injection +1
NVD
EPSS 1% CVSS 1.9
LOW POC Monitor

OS command injection in louisho5 picobot up to version 0.2.0 allows local low-privileged attackers to execute arbitrary operating system commands through the ExecTool.Execute function in internal/agent/tools/exec.go. A publicly available proof-of-concept exploit exists (GitHub issue #43), elevating practical risk despite the moderate CVSS 4.0 score of 4.8. No patch has been issued as the project maintainer has not responded to responsible disclosure, leaving all known deployments persistently exposed.

Command Injection Picobot
NVD VulDB GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

OS command injection in Apache Kylin (versions 4 through 5.0.3) allows attackers to execute arbitrary operating-system commands by supplying malicious job configuration parameters that a backend API passes unsanitized to the OS command line. Because Kylin runs as a distributed analytics engine, successful exploitation yields full host compromise with the privileges of the Kylin service account. Per the vendor CVSS (AV:N/PR:N), the flaw is scored as network-reachable and unauthenticated with high impact across confidentiality, integrity, and availability; no public exploit is identified at time of analysis, and it is not listed in CISA KEV.

Command Injection Apache Kylin
NVD
EPSS 2% CVSS 9.3
CRITICAL POC Act Now

Remote OS command execution in Vitec Flamingo 4.12.2 lets unauthenticated attackers run arbitrary commands as root through the admin/ajax/gen_graphs.php graph-generation endpoint. The start, end, key, and format GET parameters are passed unsanitized into a PHP passthru() shell call, and because the web server runs with passwordless sudo the impact escalates to full root compromise. Publicly available exploit code exists (VulnCheck), though there is no CISA KEV listing, so this is a high-priority, easily weaponizable flaw.

Command Injection PHP Flamingo
NVD
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

Unauthenticated OS command injection in Vitec Flamingo 4.12.2 (IPTV distribution) lets remote attackers run arbitrary commands as root through the admin/ajax/ping.php endpoint. The flaw stems from a double-evaluation bug where a system wrapper re-uses the decoded, un-escaped host value in a second shell call executed via passwordless sudo. Publicly available exploit code exists (VulnCheck); no active exploitation is confirmed in CISA KEV at time of analysis.

Command Injection PHP Flamingo
NVD
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Command injection in the evbee DC-80 EV charger allows remote unauthenticated attackers to execute arbitrary operating-system commands via the 'NPC start' endpoint exposed on the device's web server at TCP port 8090. Reported by DIVD (Dutch Institute for Vulnerability Disclosure), the flaw carries a CVSS 4.0 base score of 9.3 with a fully network-exploitable vector (AV:N/PR:N/UI:N) and high impact to confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; no EPSS score was supplied.

Command Injection Dc 80
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

OS command injection in the EVBEE DC-80 electric-vehicle DC charger lets an actor who can send OCPP messages execute arbitrary commands as root by tampering with the data value of the vendor-specific `ReserveLogin` DataTransfer message. The flaw was reported by DIVD (Dutch Institute for Vulnerability Disclosure) and affects the charger's OCPP handling; no public exploit identified at time of analysis and it is not listed in CISA KEV. Because execution occurs as root, successful exploitation results in full compromise of the charging station.

Command Injection Dc 80
NVD
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in the evbee DC-80 EV charging station is possible through a command injection flaw in the network diagnosis endpoint exposed on the web server at TCP port 8090. Because the CVSS 4.0 vector specifies no privileges and no user interaction (AV:N/PR:N/UI:N), a remote unauthenticated attacker who can reach port 8090 can inject operating-system commands and fully compromise the device. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the DIVD coordinated disclosure and 9.3 (Critical) score make it a high-priority defect.

Command Injection Dc 80
NVD
EPSS 1% CVSS 2.1
LOW POC Monitor

OS command injection in Shibby Tomato firmware up to 1.28.0000 allows authenticated remote attackers to execute arbitrary commands on the underlying router OS by manipulating the cifs1 or cifs2 arguments passed to the CIFS Mount Handler function sub_2D048. A publicly available proof-of-concept exploit exists on Gitee, lowering the barrier to exploitation. The risk is compounded by the fact that Shibby Tomato is an end-of-life project with no active maintenance, superseded by FreshTomato, meaning no patch is forthcoming from the original vendor.

Command Injection Tomato
NVD VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

OS command injection in Shibby Tomato router firmware through version 1.28.0000 allows low-privileged remote attackers to execute arbitrary OS commands by manipulating the jffs2_exec argument in the start_jffs2 component's sub_2D568 function. A publicly available proof-of-concept exploit exists on Gitee, confirming exploitability beyond theoretical analysis. The project is officially abandoned and superseded by FreshTomato, meaning no vendor patch will ever be released - remediation requires migrating to supported firmware.

Command Injection Tomato
NVD VulDB
EPSS 1% CVSS 2.1
LOW POC PATCH Monitor

OS command injection in the Wavlink WL-NU516U1 router's CGI web administration interface allows authenticated network attackers to execute arbitrary operating system commands by injecting shell metacharacters into the lan_ip parameter of the adm.cgi endpoint. The wlink_uci_set_value function passes attacker-controlled input unsanitized into OS-level commands, enabling full compromise of the underlying Linux-based router OS. A public proof-of-concept exploit is available on GitHub (no public exploit identified at time of analysis for KEV), and the vendor has released a patched firmware as of June 22, 2026.

Command Injection Wl Nu516U1
NVD VulDB GitHub
EPSS 3% CVSS 8.9
HIGH This Week

OS command injection in the Comfast CF-WR631AX V3 WiFi router (firmware through 2.7.0.8) lets remote attackers execute arbitrary operating-system commands by manipulating the filename argument in the system_wl_upload_pic_file routine of the /usr/bin/webmgnt FastCGI backend. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network exploitation, and publicly available exploit code exists (E:P). It is not listed in CISA KEV, so there is no confirmed active exploitation, but the public disclosure lowers the barrier for opportunistic attacks against exposed devices.

Command Injection
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

OS command injection in SonicCloudOrg sonic-agent up to version 2.7.2 allows remote low-privileged attackers to execute arbitrary system commands via the evalIsFailed function in the Groovy Script Handler component. The public proof-of-concept - titled 'Unsandboxed_RCE' - confirms that Groovy scripts are executed without a security sandbox, enabling full host-level command execution. Critically, this is an end-of-life product with no vendor response and no patch, meaning no fix is forthcoming; no public exploit identified in CISA KEV at time of analysis, but a public POC exists.

Command Injection Java Sonic Agent
NVD VulDB GitHub
EPSS 2% CVSS 2.1
LOW POC Monitor

OS command injection in SonicCloudOrg sonic-agent (all versions up to 2.7.2) enables remote code execution through the Android WebSocket Server component. An authenticated remote attacker can manipulate the `path` argument in AndroidWSServer.java to inject arbitrary OS commands on the host running the agent. Publicly available exploit code exists (GitHub PoC by xpp3901), no vendor patch will be issued as the product is end-of-life, and the vendor is unresponsive to disclosure - creating a permanent, unmitigable risk for any active deployment.

Command Injection Java Google +1
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM Monitor

OS command injection in the TRENDnet TEW-821DAP wireless access point firmware enables authenticated remote attackers to execute arbitrary operating system commands by manipulating the Hostname parameter submitted to the /goform/system_ntp endpoint, processed by function sub_41FBD0. The device (v1.0R hardware, firmware 1.11B03) is confirmed end-of-life, and the vendor has explicitly declined to investigate or remediate the issue. No patch will be released; no public exploit code is confirmed at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH Monitor

OS command injection in TRENDnet TEW-821DAP firmware 1.11B03 allows a network-adjacent authenticated attacker to execute arbitrary shell commands by manipulating the hostname, username, or password parameters in the DDNS configuration handler at /goform/tools_ddns. The affected product is officially end-of-life - the vendor has declined to issue a patch and disputes ability to confirm the vulnerability on the v1.0R hardware revision. No public exploit code or CISA KEV listing has been identified at time of analysis, though the CWE-78 vulnerability class is trivial to weaponize once firmware internals are mapped via the linked IOT research repository.

Command Injection Tew 821Dap
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH Monitor

OS command injection in the TRENDnet TEW-821DAP 1.11B03 wireless access point allows authenticated remote attackers to execute arbitrary operating system commands by manipulating the nslookup_target or dns_server arguments passed to the DNS Lookup Handler at /goform/tools_nslookup (function sub_43F2C4). The affected device is end-of-life and the vendor has explicitly declined to patch it, stating they cannot confirm the vulnerability's existence for the TEW-821DAP v1.0R. No public exploit code or CISA KEV listing has been identified at time of analysis, though the network-accessible attack surface and EOL status make remediation by replacement the only viable long-term strategy.

Command Injection Tew 821Dap
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Command injection in the TRENDnet TEW-635BRM wireless router (firmware through 1.00.03) lets an authenticated remote attacker inject OS commands via the ipoa_ipaddr argument handled by the ipoa_test function in /sbin/rc during IPoA WAN connection setup. Publicly available exploit code exists (published via VulDB and a researcher write-up), and because the device runs its control logic as a privileged system process, successful injection yields full command execution on the router. The product has been end-of-life since 2011 and the vendor will not issue a fix, so exposure is permanent for still-deployed units; there is no CISA KEV listing or confirmation of active exploitation.

Command Injection Tew 635Brm
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in the Code Engine WordPress plugin (all versions ≤ 0.3.5) lets authenticated users with Contributor-level access or higher run arbitrary PHP/code on the server via the 'code-engine' shortcode, because the plugin fails to restrict access to its code-injection functionality. Reported by Wordfence, the flaw carries a CVSS 8.8 (high) rating; there is no public exploit identified at time of analysis, though the technique (abusing a shortcode that intentionally executes snippets) is straightforward for anyone with authoring rights. This turns the plugin's core 'run PHP snippets' feature into a privilege-escalation path from low-trust content contributors to full server code execution.

Command Injection WordPress RCE +1
NVD VulDB
EPSS 2% CVSS 8.7
HIGH PATCH This Week

Privilege escalation to root in the HestiaCP web hosting control panel (versions before 1.9.5) lets any low-privilege authenticated user run arbitrary OS commands as root by injecting a single-quote into an unvalidated DNS record type field. The flaw chains weak input validation in is_dns_record_format_valid() with unsafe eval-based zone parsing in update_domain_zone(), turning a routine DNS record creation into full host takeover. No public exploit is identified at time of analysis, but VulnCheck has published a detailed advisory and the vendor shipped a fix in 1.9.5.

Command Injection RCE Hestiacp
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

OS command injection in MaxKB (1Panel-dev's open-source enterprise AI assistant) before 2.10.0-lts lets an authenticated user achieve arbitrary command execution on the host by importing a crafted .tool file that declares an MCP stdio transport and triggering it through an AI Chat node. Because the tool-import path (apps/tools/serializers/tool.py) and the MCP referencing path (base_chat_step.py) fail to consistently validate the MCP transport type, the MultiServerMCPClient spawns the attacker's stdio command locally. Rated CVSS 8.8; no public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

Command Injection Maxkb
NVD GitHub
EPSS 1% CVSS 8.7
HIGH PATCH This Week

Command execution allowlist bypass in PraisonAI before 4.6.78 lets a low-privileged attacker who can supply commands to the framework's restricted-execution feature slip past its shell-metacharacter filters by abusing find's built-in -exec, -execdir, and -delete actions. Because those actions run binaries and delete files entirely inside the find process, they never trip the metacharacter allowlist, so the attacker can read blocked files, delete arbitrary files, and launch non-allowlisted binaries. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the CVSS 4.0 base score of 8.7 (High) reflects full loss of confidentiality, integrity, and availability of the affected system.

Command Injection Praisonai
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Root-level OS command execution in Dell PowerFlex Manager (versions prior to 5.1.0.1) lets a remote, high-privileged attacker inject operating-system commands during OS Repository processing, resulting in full appliance compromise. Because PowerFlex Manager orchestrates storage and HCI infrastructure, code execution as root also enables lateral movement into managed nodes. There is no public exploit identified at time of analysis, and Dell has released a fixed build (5.1.0.1) via advisory DSA-2026-066.

Command Injection Dell Powerflex Manager
NVD VulDB
EPSS 1% CVSS 9.0
CRITICAL Act Now

OS command injection as root in the R-SOFT DMS Optical Character Recognition (OCR) module lets an authenticated attacker run arbitrary shell commands. Multiple OCR command-execution functions accept user-controllable file paths and pass them unsanitized to the system shell over SSH, yielding full root-level compromise of the document management server. No public exploit has been identified at time of analysis, and the flaw is mitigated in the default web-upload flow because URL encoding neutralizes the injection, which is reflected in the high attack complexity (AC:H).

Command Injection
NVD VulDB
EPSS 1% CVSS 8.7
HIGH This Week

OS command injection in R-SOFT DMS lets an authenticated user run arbitrary shell commands as the web server account by abusing the document converter. The konwertujAction() routine builds shell commands from unsanitized file-path and format parameters (CWE-78), so any user who can trigger a conversion can inject commands. Discovery is credited to CERT Polska; no public exploit identified at time of analysis and it is not listed in CISA KEV. CVSS 4.0 base is 8.7 (High).

Command Injection
NVD VulDB
CVSS 8.0
HIGH PATCH This Week

OS command injection in the wnx/laravel-backup-restore Composer package (fixed in v1.9.4) allows an attacker who can get a malicious backup archive restored to run arbitrary shell commands as the Laravel application user. The restore workflow interpolates an unescaped ZIP entry filename from the db-dumps directory directly into shell command strings (mysql, psql, sqlite3, gunzip) executed via Symfony Process::fromShellCommandline(), so shell metacharacters in the filename are interpreted by /bin/sh. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the flaw is trivially exploitable once a crafted archive reaches the restore path.

Command Injection Microsoft PHP
NVD GitHub
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Command injection in the Palo Alto Networks PAN-OS management plane allows an authenticated administrator to execute arbitrary OS commands with root privileges on PA-Series, VM-Series, and Panorama appliances. The vulnerability is classified CWE-78 and is reachable via the network-accessible management interface, though the requirement for administrator-level credentials substantially constrains the attacker pool. No public exploit code has been identified at time of analysis, and no active exploitation has been confirmed by CISA KEV.

Command Injection Paloalto Pan Os
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authenticated command injection in Coolify (self-hosted PaaS) before 4.0.0-beta.469 allows a logged-in user to run arbitrary shell commands inside deployment containers by supplying malicious health-check parameters. The generate_healthcheck_commands() routine in ApplicationDeploymentJob.php interpolates the health_check_host, health_check_method, and health_check_path values straight into a shell command line, so any user able to configure an application's health check gains OS command execution during deployment. No public exploit identified at time of analysis, but the upstream fix and advisory (GHSA-4fhp-xqqp-w7vv) publicly document the vulnerable code path.

Command Injection PHP
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Unauthenticated remote code execution in Ruflo (an agent meta-harness for Claude Code and Codex) before 3.16.3 arises because the default docker-compose deployment exposes the MCP bridge's POST /mcp and POST /mcp/:group endpoints with no authentication. A network attacker can send a JSON-RPC tools/call to the terminal_execute tool to gain an interactive shell inside the bridge container, exfiltrate provider API keys, and tamper with AgentDB learning-store patterns. Rated CVSS 10.0 with a scope change; no public exploit identified at time of analysis, and it is not in CISA KEV.

Command Injection Docker
NVD GitHub
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Command injection in self-hosted Hoppscotch instances prior to 2026.6.0 allows an authenticated administrator to achieve root-level code execution in the backend container. The updateInfraConfigs GraphQL mutation accepts an attacker-controlled MAILER_SMTP_URL whose path, query, or fragment is parsed by nodemailer into sendmail transport options, turning SMTP configuration into arbitrary command execution once the service restarts and sends mail. No public exploit identified at time of analysis, but the flaw is confirmed and patched upstream in release 2026.6.0.

Command Injection
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Discourse (via the discourse-ai plugin's PDF-to-text feature) allows an attacker who can upload a crafted PDF to run arbitrary commands on the server, but only in non-default configurations where an LLM vision model is configured. The flaw is a CWE-78 OS command injection reached when uploaded PDFs are rasterized through ImageMagick, which in turn invokes an external delegate (Ghostscript) on attacker-controlled input. It is not in CISA KEV and has no public exploit identified at time of analysis; EPSS is low at 0.33% (25th percentile), and vendor patches exist across all supported release lines.

Command Injection Discourse
NVD GitHub VulDB
EPSS 1% CVSS 1.9
LOW Monitor

OS command injection in the Android WebView JavaScript bridge of openclaw-android (versions up to 0.4.0) permits a local, low-privileged attacker to execute arbitrary OS commands through the `JsBridge.kt` component. Exploitation is constrained to local device access, limiting real-world blast radius, but a publicly disclosed proof-of-concept exists per the CVSS 4.0 E:P supplemental metric. No patch has been released - a remediation pull request (#137) is pending acceptance, leaving all users on version 0.4.0 or earlier exposed.

Command Injection Java Google
NVD GitHub VulDB
EPSS 1% CVSS 8.4
HIGH PATCH This Week

Arbitrary shell command execution in gpsd's gpsprof profiling tool (through release-3.27.5) allows an attacker who controls a GPS device's subtype value to run commands as the user rendering the plot. The subtype string - taken from a DEVICES JSON log entry or an NMEA PGRMT sentence - is embedded into a generated gnuplot program's `set title` statement with only double quotes escaped, so backtick payloads execute when the victim renders the plot via the gpsprof/gnuplot workflow. This was reported by VulnCheck; a vendor fix is available (fixed at commit 4c06658), and there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Command Injection Gpsd
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Arbitrary command execution on operator workstations in Cloud Foundry BOSH CLI before 7.10.5 allows a compromised or malicious BOSH Director to inject and run shell commands locally when an operator invokes bosh ssh, bosh scp, or bosh logs -f with default flags. Because the CLI trusts director-supplied data and passes it into a shell, a controlled director turns a routine operator action into local code execution on the trusted management host. No public exploit identified at time of analysis; not listed in CISA KEV, though the reference blog by Cloud Foundry (originally reported by VMware) confirms the flaw and a fixed release.

Bosh Cli Command Injection
NVD VulDB
CVSS 10.0
CRITICAL POC PATCH Act Now

OS command injection in Nuclio (serverless platform) versions <= 1.15.27 lets attackers run arbitrary shell commands as root inside Kubernetes CronJob pods by submitting a function with a crafted cron trigger. The controller concatenates unsanitized `event.headers` keys and `event.body` values into a `/bin/sh -c` curl string; a header key containing a double-quote breaks quoting, and a body containing `$()` triggers command substitution (strconv.Quote does not escape it). Because the Nuclio Dashboard API is unauthenticated in its default configuration, this is remotely reachable; no public exploit is identified in KEV, though a detailed, dynamically-verified PoC accompanies the advisory.

Python Kubernetes Microsoft +3
NVD GitHub
EPSS 2% CVSS 7.7
HIGH PATCH This Week

OS command injection in the Horde_Vfs_Smb driver of the Horde Virtual File System (VFS) API before 3.0.1 lets authenticated users execute arbitrary shell commands on the server. The flawed _escapeShellCommand() method fails to neutralize shell command-substitution sequences, so attacker-controlled filenames passed through routine file operations are interpolated into a double-quoted /bin/sh -c context and executed via proc_open() before smbclient runs. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch (v3.0.1) exists and the CVSS 4.0 base score is 7.7 (High).

Command Injection File Upload Vfs
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH This Week

An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machine_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.

Command Injection Cisco Rv130 Firmware +2
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH This Week

An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lan_ipv6_prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.

Command Injection Cisco Rv130 Firmware +2
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH This Week

Root-level OS command injection in Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5/1.2.2.8) small-business routers lets an authenticated remote attacker run arbitrary commands via the unsanitized model_name parameter in the httpd binary's save_syslog_to_file() function. Because injected commands run as root, successful exploitation yields full device takeover. Publicly available exploit code exists (SSVC exploitation status: poc) but the flaw is not listed in CISA KEV.

Command Injection Cisco Rv130 Firmware +2
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH This Week

Root-level OS command injection in Cisco RV130, RV130W, and RV110W small-business routers lets an authenticated remote administrator inject arbitrary shell commands through the wan_hostname parameter, which is passed unsanitized into the start_bonjour() routine of the 'rc' binary. Because the 'rc' process runs as root, successful exploitation yields full command execution and complete device takeover. Publicly available exploit details exist in an IoT vulnerability write-up; there is no evidence of active exploitation (not in CISA KEV) and no EPSS score was provided.

Command Injection Cisco Rv130 Firmware +2
NVD GitHub VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Command injection in ToolJet's GitHub Actions render preview deployment workflow allows any GitHub user capable of commenting on an open pull request to execute arbitrary shell commands on the CI runner and exfiltrate deployment secrets. The root cause is unsanitized interpolation of `github.event.comment.body` directly into a bash conditional within a `run` step, meaning a single malicious PR comment can pivot to full CI runner compromise. No CISA KEV listing exists at time of analysis, but the attack technique - GitHub Actions expression injection - is extremely well-documented publicly, making practical exploitation trivial for any GitHub user with PR commenting rights.

Command Injection Tooljet
NVD GitHub
EPSS 1% CVSS 1.9
LOW Monitor

Command injection in bentoml OpenLLM 0.6.30 allows local low-privilege users to execute arbitrary shell commands by supplying crafted model repository directory name arguments to the `async_run_command` function in `src/openllm/common.py`. A public proof-of-concept exploit is available per the CVSS 4.0 E:P modifier and disclosure notes, though no CISA KEV listing exists and the project had not responded to responsible disclosure at the time of reporting. The CVSS 4.0 base score of 1.9 reflects a constrained real-world risk profile due to the strictly local attack vector and limited Low-rated confidentiality, integrity, and availability impact.

Command Injection Openllm
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

OS command injection in christopherthielen/check-peer-dependencies up to version 4.3.4 allows remote low-privileged attackers to execute arbitrary operating system commands via the shelljs.exec() call in dist/packageUtils.js when processing peerDependency data. The vulnerable code path passes unsanitized dependency-related input directly to a shell execution function, a classic CWE-78 pattern. No vendor patch is available at time of analysis - the project maintainer has not responded to the issue report filed on GitHub (issue #74), and no KEV listing exists. EPSS data was not provided, so broad exploitation probability cannot be quantified.

Command Injection Check Peer Dependencies
NVD VulDB GitHub
MEDIUM PATCH This Month

SMTP command injection in aiosmtplib (all versions through 5.1.0) enables any attacker who can influence email addresses passed to SMTP.mail(), SMTP.rcpt(), SMTP.vrfy(), SMTP.expn(), or the higher-level SMTP.sendmail() to inject arbitrary SMTP protocol commands by embedding CR/LF bytes in the address string. Applications that accept sender or recipient addresses from untrusted input - web forms, APIs - and forward them to these methods without CR/LF sanitization are at risk of session desynchronization, client-side denial of service via SMTP client hang, or delivery of attacker-crafted email through the victim application's SMTP connection. No vendor-released patch version is confirmed from available data at time of analysis, and no public exploit has been identified.

Command Injection Denial Of Service
NVD GitHub
EPSS 1% CVSS 9.2
CRITICAL POC PATCH Act Now

Remote unauthenticated OS command injection in 9Router before 0.4.44 lets attackers run arbitrary commands as root via the POST /api/tunnel/tailscale-install endpoint, which is excluded from the dashboard authorization middleware. The attacker-supplied sudoPassword field is piped to the stdin of a 'sudo -S sh' child process; when sudo does not prompt for a password, sh interprets that value as a shell command. Active exploitation evidence was reported by the Shadowserver Foundation on 2026-07-04; this is not (yet) listed in CISA KEV, and no public exploit code is referenced in the supplied data.

Command Injection
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH PATCH This Week

OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2024 branches) lets an already-authenticated, high-privileged remote user break out of the appliance's restricted management context and run arbitrary commands as root. Dell rates it Critical because the flaw defeats the platform's protection mechanism and yields full root-level code execution on the backup appliance. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Dell explicitly urges customers to upgrade at the earliest opportunity.

Command Injection Dell Powerprotect Data Domain
NVD
HIGH POC PATCH This Week

Authenticated OS command execution in EGroupware allows an administrator to escalate from web-application access to arbitrary shell commands as the web server user (typically www-data). The flaw lives in the eTemplate engine's Widget::expand_name(), where widget attribute values are passed into a PHP eval() with only double-quotes escaped, leaving backtick shell-execution operators intact; an admin uploads a malicious .xet template to the /etemplates VFS mount to trigger it. A detailed proof-of-concept is published in the vendor's GitHub Security Advisory (publicly available exploit code exists), though there is no evidence of active exploitation.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

OS command injection in Coolify's database service configuration API allows authenticated administrators to execute arbitrary shell commands within Docker container contexts by embedding shell metacharacters into database credential fields. All Coolify versions prior to 4.0.0-beta.474 are affected, covering deployments managing Redis, KeyDB, Dragonfly, ClickHouse, PostgreSQL, and MySQL services. No public exploit code has been identified at time of analysis, and the CVSS PR:H requirement confines the attack surface to already-privileged admin accounts, positioning this as a post-compromise escalation risk rather than an initial access vector.

Command Injection Docker Coolify
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

OS command injection in Coolify, the open-source self-hostable server/application/database management PaaS, allows an authenticated user with permission to edit application settings (versions prior to 4.0.0-beta.469) to run arbitrary commands on the managed host. The flaw lives in the executeInDocker() helper, which wraps user-controlled values in single quotes without escaping embedded quotes, letting an attacker break out of the quoted shell context during deployments and escape the intended Docker container confinement. No public exploit identified at time of analysis; this is not listed in CISA KEV.

Command Injection Docker Coolify
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

OS command injection in Coolify's self-hosted server/app management platform lets an authenticated user achieve remote code execution on the underlying host via a malicious database import container name. The database import Livewire component passes client-controlled container and server properties into shell commands without locking or validation, so any low-privileged authenticated user can inject arbitrary commands. Rated CVSS 8.8 and fixed in 4.0.0-beta.471; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Command Injection PHP Coolify
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

OS command injection in Coolify (self-hosted server/application/database management platform) versions prior to 4.0.0-beta.471 allows an authenticated low-privileged member to run arbitrary commands as root on managed servers by embedding shell metacharacters in persistent volume names, which are interpolated unescaped into shell commands during volume operations. The CVSS 3.1 score is 8.8 (High) with a network vector requiring only low privileges. No public exploit identified at time of analysis; an upstream fix commit and a tagged patched release exist.

Command Injection Coolify
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Command injection in Coolify before 4.0.0-beta.471 lets an authenticated user break out of the pre-deployment and post-deployment command fields and run arbitrary shell statements on the target deployment server. The supplied commands are single-quote escaped but then piped through an SSH heredoc transport that preserves newlines, so newline-delimited injected statements survive escaping and execute during deployment. No public exploit is identified at time of analysis, though the fixing pull request and commit are public and make the root cause easy to reconstruct; CVSS is 8.8 (High).

Command Injection Coolify
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Command injection in Coolify's DatabaseBackupJob allows authenticated users holding database management permissions to execute arbitrary OS commands on managed servers by embedding shell metacharacters in database credentials or MongoDB collection exclusion names. All Coolify releases prior to 4.0.0-beta.471 are affected. No public exploit code has been identified at time of analysis and the vulnerability is absent from CISA KEV; however, the practical impact substantially exceeds the official CVSS 3.3 Low rating because successful exploitation grants attacker-controlled shell execution on production infrastructure managed by the platform.

Command Injection Coolify
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authenticated command injection in Coolify (self-hosted server/application/database management platform) before 4.0.0-beta.466 lets a user with access to a server's Sentinel settings embed shell metacharacters in the sentinel_token value, which is passed unsanitized into a shell command and executed on the host the next time Sentinel is restarted (CWE-78). The flaw yields full host command execution with confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the vendor has released a fixed build (v4.0.0-beta.466) with an available upstream commit.

Command Injection Coolify
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

OS command injection in Coolify (self-hosted server/app management platform) before 4.0.0-beta.471 lets an authenticated user embed shell metacharacters in a LocalPersistentVolume storage name, which is interpolated unescaped into docker volume shell commands and executed on managed servers when the associated resource is deleted. Rated CVSS 8.8 (CWE-78), it yields arbitrary command execution on downstream hosts controlled by the Coolify instance. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the fix is confirmed in release 4.0.0-beta.471.

Command Injection Docker Coolify
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

OS command injection in Coolify's self-hosted server-management platform (all versions prior to 4.0.0-beta.471) lets any authenticated team member execute arbitrary shell commands on any managed remote server. The flaw lives in the Livewire Server\Resources component, whose public startUnmanaged/stopUnmanaged/restartUnmanaged methods take a browser-supplied container ID and interpolate it unescaped into SSH-executed shell commands. No public exploit identified at time of analysis and it is not in CISA KEV, but the trivially low complexity (CVSS 8.8) makes exploitation straightforward for anyone with a team account.

Command Injection Coolify
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

OS command injection in Coolify (self-hosted server/application/database management platform) before 4.0.0-beta.466 lets an authenticated user execute arbitrary commands on the host by supplying log drain secret or environment values that are interpolated into shell commands without proper encoding. Because Coolify orchestrates the underlying host, the injected commands run with the platform's host-level context, effectively yielding host takeover. No public exploit identified at time of analysis; this is not in CISA KEV and no POC is referenced, so risk is driven by the ease of authenticated exploitation rather than confirmed in-the-wild activity.

Command Injection Coolify
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Command injection in Coolify self-hosted PaaS versions prior to 4.0.0-beta.474 allows an authenticated user to run arbitrary OS commands inside the PostgreSQL database container by supplying malicious postgres_user or postgres_db values that are interpolated into shell-form healthcheck commands (CWE-78). Because the CVSS vector is PR:L/UI:N with full high impact to confidentiality, integrity, and availability, any user able to create or configure a database can achieve container-level code execution. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Command Injection PostgreSQL Coolify
NVD GitHub VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Command injection in Coolify's MongoDB backup handler (versions 4.0.0-beta.451 through 4.0.0-beta.470) allows a highly privileged attacker who controls backup configuration to inject OS-level shell commands via unsanitized metacharacters in MongoDB collection names. The attack requires an already-administrative account capable of modifying backup inputs, substantially limiting the realistic threat surface. No public exploit has been identified and this vulnerability is not listed in CISA KEV; the vendor released a fix in v4.0.0-beta.471.

Command Injection Coolify
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Privilege escalation to root command execution in Coolify (self-hosted PaaS) prior to 4.0.0-beta.471 lets any authenticated user holding the lowest-privilege team 'member' role run arbitrary OS commands as root on every server Coolify manages. The flaw lives in the GetLogs Livewire component, whose $container public property is unsanitized and lacks the #[Locked] attribute, so any team member can tamper with it over the Livewire wire protocol. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but the low authentication barrier and full CIA impact make it high priority for any multi-tenant Coolify deployment.

Command Injection Docker Coolify
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

OS command injection in Coolify (self-hosted server/app/database management platform) versions 4.0.0-beta.471 through 4.0.0-beta.473 lets an authenticated team member run arbitrary shell commands on the underlying host. A regression weakened the SHELL_SAFE_COMMAND_PATTERN allowlist so that ampersands were permitted in custom Docker Compose build, start, and pre/post-deployment command fields, enabling command chaining. The issue is fixed in 4.0.0-beta.474; no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Command Injection Docker Coolify
NVD GitHub
Page 1 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy