Command Injection
Monthly
Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-323-327L, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04 through firmware version 20260205) allows authenticated remote attackers to execute arbitrary commands via the /cgi-bin/remote_backup.cgi backup scheduling functions. Public exploit code exists for this vulnerability and no patch is currently available.
Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-323 through DNS-1550-04 with firmware prior to 20260205) allows authenticated remote attackers to execute arbitrary commands via the /cgi-bin/wizard_mgr.cgi endpoint. Public exploit code is available and no patch is currently available for affected users.
Command injection in LB-LINK BL-WR9000 2.4.9 via the /goform/set_wifi endpoint allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code is available for this vulnerability, and no patch has been released by the vendor despite early disclosure notification.
OpenLiteSpeed and LSWS Enterprise web servers contain an OS command injection vulnerability that allows attackers with administrative privileges to execute arbitrary system commands. All versions of both products are affected according to EUVD data. While requiring high privileges limits the attack surface, successful exploitation grants complete system control with high impact to confidentiality, integrity, and availability (CVSS 7.2).
Command injection in D-Link NAS devices (DNS-320, DNS-327L, DNS-345 and others) through the time_machine.cgi script allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available.
Command injection in D-Link NAS devices (DNS-120, DNS-325, DNR-322L, DNS-327L and others) allows authenticated remote attackers to execute arbitrary commands through multiple user and group management CGI functions. Public exploit code exists for this vulnerability, and patches are not currently available. An attacker with valid credentials could leverage this to compromise the NAS system and potentially access or manipulate stored data.
Command injection in D-Link NAS devices (DNS-320, DNS-325, DNS-343, DNR-322L and others) through the /cgi-bin/system_mgr.cgi interface allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available.
A security vulnerability in A vulnerability (CVSS 6.3). Risk factors: public PoC available.
A security vulnerability in A vulnerability (CVSS 6.3). Risk factors: public PoC available.
A security vulnerability in A flaw (CVSS 6.3). Risk factors: public PoC available.
Command injection in D-Link DNS and DNR network attached storage devices allows authenticated remote attackers to execute arbitrary commands through multiple CGI functions in the network management interface. The vulnerability affects numerous models up to firmware version 20260205, and public exploit code is available. An attacker with valid credentials can leverage this to compromise device integrity and potentially access the network.
Command injection in bazinga012 mcp_code_executor up to version 0.3.0 allows local attackers with user-level privileges to execute arbitrary commands through the installDependencies function in src/index.ts. Public exploit code exists for this vulnerability, affecting Python and Node.js environments. A patch is available and should be applied to remediate this local privilege escalation risk.
A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.
Remote command injection in Quip MCP Server 1.0.0 allows authenticated attackers to execute arbitrary system commands through the setupToolHandlers function in src/index.ts. Public exploit code exists for this vulnerability, and the developers have not yet released a patch despite early notification. The attack requires valid credentials but can be performed over the network with no user interaction needed.
Command injection vulnerability in MLflow versions before v3.7.0 that allows attackers to execute arbitrary commands by injecting malicious input through the --container parameter when deploying models to SageMaker. The vulnerability affects MLflow installations in development environments, CI/CD pipelines, and cloud deployments, with a CVSS score of 7.5 indicating high severity. No active exploitation or KEV listing is reported, and no EPSS data is available to assess real-world exploitation likelihood.
Critical OS command injection vulnerability in Topsec TopACM 3.0's web management interface that allows unauthenticated remote attackers to execute arbitrary system commands. A public proof-of-concept exploit is available, and the vulnerability has a CVSS score of 9.8, though no active exploitation has been confirmed in CISA's KEV catalog. The vendor has not responded to disclosure attempts, leaving systems unpatched.
Critical command injection vulnerability in Wavlink WL-WN578W2 wireless routers (firmware version 221110) that allows unauthenticated remote attackers to execute arbitrary commands via specially crafted POST requests to multiple functions in the wireless.cgi script. A public proof-of-concept exploit is available on GitHub, and the vendor has released a patch, making this a high-priority issue for immediate remediation despite no current KEV listing.
Critical command injection vulnerability in Wavlink WL-WN579A3 wireless router firmware version 220323, allowing unauthenticated remote attackers to execute arbitrary commands via the SetName/GuestWifi functions in /cgi-bin/wireless.cgi. A public proof-of-concept exploit is available, and while a vendor patch exists, the vulnerability has not yet been added to CISA's KEV catalog despite its high severity (CVSS 9.8).
This issue affects Apache Spark: before 3.5.7 and 4.0.1.
Authenticated attackers can achieve root-level command execution on TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 routers by uploading a malicious configuration file through the import function, exploiting improper input validation in the port-trigger processing logic. Successful exploitation grants complete control over the affected device, allowing full compromise of the router and any connected network. A patch is available for this high-severity vulnerability.
CVE-2026-26133 is an AI command injection vulnerability in Microsoft 365 Copilot and multiple Microsoft mobile/desktop applications that allows remote attackers to disclose sensitive information through crafted AI prompts. The vulnerability affects numerous Microsoft products across iOS, Android, and macOS platforms, requires user interaction, and has a patch available from Microsoft with no current evidence of active exploitation (not in KEV).
Command injection RCE in claude-hovercraft tool. EPSS 1.3%.
HMS Networks' industrial IoT gateways (Ewon Flexy and Cosy+) contain a command injection vulnerability that allows authenticated attackers to execute arbitrary OS commands remotely. This affects Flexy devices before firmware 15.0s4 and Cosy+ devices before 22.1s6 (22.x branch) or 23.0s3 (23.x branch). With a CVSS score of 8.8 but low EPSS of 0.06%, this vulnerability requires valid credentials but enables full system compromise.
Deno versions 2.7.0 through 2.7.1 contain a command injection vulnerability in the node:child_process polyfill where improper quote handling allows attackers to bypass previous security fixes and execute arbitrary OS commands through shell metacharacter injection in spawn/spawnSync arguments. This vulnerability bypasses Deno's permission system entirely, enabling complete system compromise for applications processing untrusted input. A patch is available in version 2.7.2.
GL-iNet GL-AR300M16 v4.3.11 has a command injection in the set_config function, adding to the growing list of injection vulnerabilities in this device. This is the fourth distinct command injection CVE for this router model.
A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations.
GL-iNet GL-AR300M16 v4.3.11 contains another command injection vulnerability, this time via the module parameter in the M.get_system_log function. Part of a series of command injection flaws in this router model.
GL-iNet GL-AR300M16 v4.3.11 has multiple command injection vulnerabilities in the set_upgrade function through seven different parameters. Each parameter provides an independent code execution vector on the router.
GL-iNet GL-AR300M16 router (v4.3.11) is vulnerable to command injection through the string port parameter in the enable_echo_server function. Unauthenticated attackers can execute arbitrary commands on the router.
unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD versions 4.12 through 6.6 (OS command injection).
A weakness has been identified in OpenAkita versions up to 1.24.3; it is affected by command injection (CVSS 5.3).
Command injection in 0xKoda WireMCP's Tshark CLI command handler allows local attackers with user privileges to execute arbitrary operating system commands through the server.tool function in index.js. Public exploit code exists for this vulnerability, though no patch is currently available. The impact is limited to local attack scenarios with potential for unauthorized code execution and system compromise.
OS command injection in Cloud CLI (Claude Code UI) before 1.25.0. EPSS 0.39%.
Command injection in Cloud CLI (Claude Code UI) Git operations before 1.24.0.
Cursor is a code editor built for programming with AI. Versions up to 2.0 are affected by OS command injection.
Arbitrary shell command execution in Splunk Enterprise and Cloud Platform allows authenticated users with the edit_cmd capability to inject commands through the unarchive_cmd parameter in the preview upload endpoint. Affected versions include Splunk Enterprise below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, as well as corresponding Cloud Platform versions. An attacker with high-privilege roles could achieve remote code execution on vulnerable systems, though no patch is currently available.
Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.
Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.
Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. [CVSS 8.8 HIGH]
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. [CVSS 8.8 HIGH]
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. [CVSS 8.8 HIGH]
OpenClaw versions prior to 2026.2.21 allow local attackers with limited privileges to inject arbitrary systemd directives through unvalidated environment variables in unit file generation, enabling command execution with gateway service privileges. By manipulating config.env.vars and triggering service installation or restart, an attacker can bypass Environment= line constraints via newline injection to achieve arbitrary code execution. No patch is currently available for this command injection vulnerability.
Command injection in H3C ACG1000-AK230 through the /webui/?aaa_portal_auth_local_submit endpoint allows unauthenticated remote attackers to execute arbitrary commands by manipulating the suffix parameter. Public exploit code exists for this vulnerability, which affects versions up to 20260227 with no patch currently available. The vulnerability carries a CVSS score of 7.3 and provides attackers with partial access to confidentiality, integrity, and availability.
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker who has also obtained a user account gains local network access, they can then exploit the vulnerability to execute arbitrary commands. [CVSS 7.8 HIGH]
Authenticated attackers can execute arbitrary OS commands on AOS-CX Switches through improper input validation in the CLI, potentially compromising network infrastructure. This command injection flaw (CWE-78) affects high-privileged users with network access and carries a CVSS score of 7.2, with no patch currently available.
Authenticated administrators of AOS-CX Switches can inject arbitrary commands through a custom binary in the CLI, potentially compromising switch integrity and network operations. This high-privilege attack requires valid credentials and direct network access but carries no patch availability, leaving affected deployments at persistent risk.
Authenticated remote attackers can execute arbitrary commands through malformed parameters in AOS-CX CLI commands, achieving remote code execution with high integrity and confidentiality impact. The vulnerability affects low-privileged users on networked systems and requires no user interaction to exploit. No patch is currently available for this command injection flaw.
TUBITAK BILGEM Software Technologies Research Institute Liderahenk is affected by missing authentication for critical function (CVSS 7.5).
Fortinet FortiSandbox Cloud 5.0.4 contains an OS command injection vulnerability that allows privileged super-admin users with CLI access to execute arbitrary code through malicious HTTP requests. The vulnerability requires high privileges and direct access but carries high impact including confidentiality, integrity, and availability compromise. No patch is currently available.
Command injection in SICAM SIAPP SDK versions prior to 2.1.7 allows unauthenticated local attackers to manipulate shell command construction and achieve arbitrary code execution with full system privileges. The vulnerability stems from insufficient input validation when building and executing system commands with user-supplied data. No patch is currently available, leaving all affected versions vulnerable to complete system compromise.
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacker to execute arbitrary commands via a specially crafted HTTP request. [CVSS 7.2 HIGH]
A Siemens product has a command injection vulnerability enabling remote code execution.
Ghostty terminal emulator allows control characters embedded in pasted or drag-and-dropped text to execute arbitrary commands in certain shell environments, requiring only user interaction to trigger. An attacker can craft malicious text with invisible control sequences that, when copied/pasted by a user, execute unintended commands with the user's privileges. No patch is currently available for this vulnerability.
Command injection in Budibase 3.23.22 and earlier allows authenticated attackers with high privileges to execute arbitrary system commands by injecting malicious values into PostgreSQL connection parameters that are unsanitized in shell command construction. An attacker with administrative access can exploit this vulnerability to gain complete control over the underlying server hosting the Budibase instance. No patch is currently available for this vulnerability.
OS command injection in Linagora Twake v2023.Q1.1223 allows unauthenticated remote code execution.
A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap.
Command injection in Comfast CF-AC100 firmware via the ping_config request handler allows remote attackers with high privileges to execute arbitrary commands on affected devices. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
Command injection in Wavlink NU516U1 firmware's firewall CGI component allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, which stems from an incomplete fix of a prior CVE. A patch is not currently available, though the vendor has been notified and indicated a fix is in development.
OS command injection in Totolink N300RH firmware allows unauthenticated remote attackers to execute arbitrary commands through the setWiFiWpsConfig function in the CGI handler. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should restrict network access to the device's management interface until a fix is released.
Command injection in RyuzakiShinji biome-mcp-server versions up to 1.0.0 allows authenticated remote attackers to execute arbitrary commands through manipulation of the biome-mcp-server.ts file. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be triggered remotely without user interaction.
OS command injection in WeKnora from version 0.2.5 allows authenticated users to execute arbitrary system commands. CVSS 9.9 with scope change. PoC available.
Command injection in Wavlink WL-NU516U1 firmware allows remote attackers with high privileges to execute arbitrary commands through the Pr_mode parameter in /cgi-bin/adm.cgi. Public exploit code exists for this vulnerability, and no patch is currently available. The impact is limited to confidentiality, integrity, and availability of the affected device.
Command injection in Wavlink WL-NU516U1 firmware allows remote attackers with high privileges to execute arbitrary commands through the model parameter in the OTA upgrade function. Public exploit code exists for this vulnerability, and no patch is currently available. The impact is limited to confidentiality, integrity, and availability of the affected device.
OS command injection in XikeStor SKS8310-8X network switch firmware 1.04.B07 and prior via management interface. Unauthenticated RCE on network infrastructure.
Mimekit versions up to 4.15.1 contain a vulnerability that allows attackers to embed \r\n into the SMTP envelope address local-part (when the local-part is a q (CVSS 5.3).
Unauthenticated OS command injection in AVideo before 7.0.
Shell command injection in Nuclio serverless framework before 1.15.20. PoC and patch available.
Unauthenticated attackers can achieve remote code execution in Idno social publishing platform versions before 1.6.4 by exploiting a chain of import file write and template path traversal vulnerabilities. An attacker with high privileges can leverage command injection to execute arbitrary code on affected systems. A patch is available in version 1.6.4 and should be applied immediately as this vulnerability carries a 7.2 CVSS score.
Remote code execution in Wavlink WL-NU516U1 firmware allows unauthenticated attackers to execute arbitrary commands through the firmware_url parameter in the OTA upgrade function, requiring only high-level privileges to trigger. Public exploit code exists for this vulnerability and no patch is currently available, making it an immediate risk for affected devices.
OpenClaw's exec-approvals feature validates command allowlists before shell expansion but fails to account for expansion during actual execution, enabling authorized users or attackers performing prompt injection to read arbitrary files through glob patterns and environment variables. This arbitrary file disclosure affects systems with host execution enabled in allowlist mode, potentially exposing sensitive data accessible to the gateway or node process. A patch is available to address this command injection vulnerability.
Unauthenticated command injection in FreePBX recordings module (versions 16.0.17.2-16.0.19 and 17.0.2.4-17.0.4) allows authenticated attackers to execute arbitrary system commands with full system privileges. The vulnerability stems from improper input validation in the recordings functionality, enabling complete compromise of affected FreePBX installations. No patch is currently available.
Unauthenticated command injection in FreePBX versions 16.0.17.2-16.0.19 and 17.0.2.4-17.0.4 via the ElevenLabs Text-to-Speech integration allows authenticated users with high privileges to execute arbitrary system commands. The vulnerability exists in the recordings module and affects all installations using the vulnerable TTS engine. No patch is currently available, leaving affected systems at risk of full system compromise.
Command injection in Mobvoi Tichome Mini smart speaker via crafted requests. EPSS 1.2%. PoC available.
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges. [CVSS 7.2 HIGH]
Command injection in SEPPmail Secure Email Gateway before 15.0.1 via PDF encryption password.
Authenticated attackers can achieve remote code execution with root privileges on IDC SFX2100 satellite receiver devices through OS command injection in the web-based Traceroute diagnostic tool. By injecting shell metacharacters into the flags parameter, an attacker can execute arbitrary operating system commands on the affected system. Public exploit code exists for this vulnerability, and no patch is currently available.
Authenticated attackers can execute arbitrary OS commands with root privileges on IDC SFX2100 satellite receivers through command injection in the web-based Ping utility, bypassing input filters by using alternate shell metacharacters like the pipe operator. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the web management interface and allows complete system compromise for any authenticated user.
Command injection in D-Link DIR-868L via SSDP service. PoC available.
Command injection in PhialsBasement nmap-mcp-server allows authenticated remote attackers to execute arbitrary system commands through the Nmap CLI Command Handler component due to improper input sanitization in child_process.exec. Public exploit code exists for this vulnerability, and affected users should apply the available patch to remediate the risk.
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. [CVSS 8.8 HIGH]
Command injection in Weintek cMT-3072XH2 HMI DHCP activation. EPSS 0.30%.
Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4.0 Build 14614 through TZM_1757588060_SEP2025_FULL.depot web application API endpoints (including Scheduler and Actions pages). [CVSS 7.2 HIGH]
Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability. [CVSS 7.2 HIGH]
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). [CVSS 7.8 HIGH]
ModelScope ms-agent v1.6.0rc1 and earlier allows unauthenticated remote attackers to execute arbitrary operating system commands by injecting malicious input through prompt-derived parameters. Public exploit code exists for this vulnerability, and no patch is currently available. This command injection flaw affects AI/ML systems processing untrusted user prompts.
Arbitrary command execution in TP-Link Deco BE25 firmware v1.0 through v1.1.1 Build 20250822 stems from improper input validation in the web administration interface, allowing authenticated adjacent attackers to inject OS commands via malicious configuration files. Successful exploitation grants full control over the affected device with complete compromise of confidentiality, integrity, and availability. No patch is currently available.
Tenda AC15 router has a code injection in formsetUsbUnload (EPSS 1.7%) enabling unauthenticated remote code execution.
Tenda AC15 router has a command injection in formSetIptv (EPSS 1.1%) enabling unauthenticated root-level code execution.
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. [CVSS 7.2 HIGH]
GL-iNet GL-AR300M16 v4.3.11 has multiple command injection vulnerabilities in the set_upgrade function through seven different parameters. Each parameter provides an independent code execution vector on the router.
GL-iNet GL-AR300M16 router (v4.3.11) is vulnerable to command injection through the string port parameter in the enable_echo_server function. Unauthenticated attackers can execute arbitrary commands on the router.
unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This OS command injection issue affects LXD versions from 4.12 up to 6.6.
A weakness has been identified in OpenAkita versions up to 1.24.3; the product is affected by command injection (CVSS 5.3).
Command injection in 0xKoda WireMCP's Tshark CLI command handler allows local attackers with user privileges to execute arbitrary operating system commands through the server.tool function in index.js. Public exploit code exists for this vulnerability, though no patch is currently available. The impact is limited to local attack scenarios with potential for unauthorized code execution and system compromise.
OS command injection in Cloud CLI (Claude Code UI) before 1.25.0. EPSS 0.39%.
Command injection in Cloud CLI (Claude Code UI) Git operations before 1.24.0.
Cursor is a code editor built for programming with AI. Versions up to 2.0 are affected by OS command injection.
Arbitrary shell command execution in Splunk Enterprise and Cloud Platform allows authenticated users with the edit_cmd capability to inject commands through the unarchive_cmd parameter in the preview upload endpoint. Affected versions include Splunk Enterprise below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, as well as corresponding Cloud Platform versions. An attacker with high-privilege roles could achieve remote code execution on vulnerable systems, though no patch is currently available.
Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. [CVSS 8.8 HIGH]
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. [CVSS 8.8 HIGH]
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. [CVSS 8.8 HIGH]
OpenClaw versions prior to 2026.2.21 allow local attackers with limited privileges to inject arbitrary systemd directives through unvalidated environment variables in unit file generation, enabling command execution with gateway service privileges. By manipulating config.env.vars and triggering service installation or restart, an attacker can bypass Environment= line constraints via newline injection to achieve arbitrary code execution. No patch is currently available for this command injection vulnerability.
Command injection in H3C ACG1000-AK230 through the /webui/?aaa_portal_auth_local_submit endpoint allows unauthenticated remote attackers to execute arbitrary commands by manipulating the suffix parameter. Public exploit code exists for this vulnerability, which affects versions up to 20260227 with no patch currently available. The vulnerability carries a CVSS score of 7.3 and provides attackers with partial access to confidentiality, integrity, and availability.
A command injection vulnerability has been reported to affect several QNAP operating system versions. An attacker who has local network access and has also obtained a user account can exploit the vulnerability to execute arbitrary commands. [CVSS 7.8 HIGH]
Authenticated attackers can execute arbitrary OS commands on AOS-CX Switches through improper input validation in the CLI, potentially compromising network infrastructure. This command injection flaw (CWE-78) affects high-privileged users with network access and carries a CVSS score of 7.2, with no patch currently available.
Authenticated administrators of AOS-CX Switches can inject arbitrary commands through a custom binary in the CLI, potentially compromising switch integrity and network operations. This high-privilege attack requires valid credentials and direct network access but carries no patch availability, leaving affected deployments at persistent risk.
Authenticated remote attackers can execute arbitrary commands through malformed parameters in AOS-CX CLI commands, achieving remote code execution with high integrity and confidentiality impact. The vulnerability affects low-privileged users on networked systems and requires no user interaction to exploit. No patch is currently available for this command injection flaw.
TUBITAK BILGEM Software Technologies Research Institute Liderahenk is affected by missing authentication for critical function (CVSS 7.5).
Fortinet FortiSandbox Cloud 5.0.4 contains an OS command injection vulnerability that allows privileged super-admin users with CLI access to execute arbitrary code through malicious HTTP requests. The vulnerability requires high privileges and direct access but carries high impact including confidentiality, integrity, and availability compromise. No patch is currently available.
Command injection in SICAM SIAPP SDK versions prior to 2.1.7 allows unauthenticated local attackers to manipulate shell command construction and achieve arbitrary code execution with full system privileges. The vulnerability stems from insufficient input validation when building and executing system commands with user-supplied data. No patch is currently available, leaving all affected versions vulnerable to complete system compromise.
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacker to execute arbitrary commands via a specially crafted HTTP request. [CVSS 7.2 HIGH]
A Siemens product has a command injection vulnerability enabling remote code execution.
Ghostty terminal emulator allows control characters embedded in pasted or drag-and-dropped text to execute arbitrary commands in certain shell environments, requiring only user interaction to trigger. An attacker can craft malicious text with invisible control sequences that, when copied/pasted by a user, execute unintended commands with the user's privileges. No patch is currently available for this vulnerability.
Command injection in Budibase 3.23.22 and earlier allows authenticated attackers with high privileges to execute arbitrary system commands by injecting malicious values into PostgreSQL connection parameters that are unsanitized in shell command construction. An attacker with administrative access can exploit this vulnerability to gain complete control over the underlying server hosting the Budibase instance. No patch is currently available for this vulnerability.
OS command injection in Linagora Twake v2023.Q1.1223 allows unauthenticated remote code execution.
A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap.
Command injection in Comfast CF-AC100 firmware via the ping_config request handler allows remote attackers with high privileges to execute arbitrary commands on affected devices. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
Command injection in Wavlink NU516U1 firmware's firewall CGI component allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, which stems from an incomplete fix of a prior CVE. A patch is not currently available, though the vendor has been notified and indicated a fix is in development.
OS command injection in Totolink N300RH firmware allows unauthenticated remote attackers to execute arbitrary commands through the setWiFiWpsConfig function in the CGI handler. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should restrict network access to the device's management interface until a fix is released.
Command injection in RyuzakiShinji biome-mcp-server versions up to 1.0.0 allows authenticated remote attackers to execute arbitrary commands through manipulation of the biome-mcp-server.ts file. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be triggered remotely without user interaction.
OS command injection in WeKnora from version 0.2.5 allows authenticated users to execute arbitrary system commands. CVSS 9.9 with scope change. PoC available.
Command injection in Wavlink WL-NU516U1 firmware allows remote attackers with high privileges to execute arbitrary commands through the Pr_mode parameter in /cgi-bin/adm.cgi. Public exploit code exists for this vulnerability, and no patch is currently available. The impact is limited to confidentiality, integrity, and availability of the affected device.
Command injection in Wavlink WL-NU516U1 firmware allows remote attackers with high privileges to execute arbitrary commands through the model parameter in the OTA upgrade function. Public exploit code exists for this vulnerability, and no patch is currently available. The impact is limited to confidentiality, integrity, and availability of the affected device.
OS command injection in XikeStor SKS8310-8X network switch firmware 1.04.B07 and prior via management interface. Unauthenticated RCE on network infrastructure.
Mimekit versions up to 4.15.1 contain a vulnerability that allows attackers to embed \r\n into the SMTP envelope address local-part (when the local-part is a q (CVSS 5.3).
Unauthenticated OS command injection in AVideo before 7.0.
Shell command injection in Nuclio serverless framework before 1.15.20. PoC and patch available.
Unauthenticated attackers can achieve remote code execution in Idno social publishing platform versions before 1.6.4 by exploiting a chain of import file write and template path traversal vulnerabilities. An attacker with high privileges can leverage command injection to execute arbitrary code on affected systems. A patch is available in version 1.6.4 and should be applied immediately as this vulnerability carries a 7.2 CVSS score.
Remote code execution in Wavlink WL-NU516U1 firmware allows unauthenticated attackers to execute arbitrary commands through the firmware_url parameter in the OTA upgrade function, requiring only high-level privileges to trigger. Public exploit code exists for this vulnerability and no patch is currently available, making it an immediate risk for affected devices.
OpenClaw's exec-approvals feature validates command allowlists before shell expansion but fails to account for expansion during actual execution, enabling authorized users or attackers performing prompt injection to read arbitrary files through glob patterns and environment variables. This arbitrary file disclosure affects systems with host execution enabled in allowlist mode, potentially exposing sensitive data accessible to the gateway or node process. A patch is available to address this command injection vulnerability.
Unauthenticated command injection in FreePBX recordings module (versions 16.0.17.2-16.0.19 and 17.0.2.4-17.0.4) allows authenticated attackers to execute arbitrary system commands with full system privileges. The vulnerability stems from improper input validation in the recordings functionality, enabling complete compromise of affected FreePBX installations. No patch is currently available.
Unauthenticated command injection in FreePBX versions 16.0.17.2-16.0.19 and 17.0.2.4-17.0.4 via the ElevenLabs Text-to-Speech integration allows authenticated users with high privileges to execute arbitrary system commands. The vulnerability exists in the recordings module and affects all installations using the vulnerable TTS engine. No patch is currently available, leaving affected systems at risk of full system compromise.
Command injection in Mobvoi Tichome Mini smart speaker via crafted requests. EPSS 1.2%. PoC available.
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges. [CVSS 7.2 HIGH]
Command injection in SEPPmail Secure Email Gateway before 15.0.1 via PDF encryption password.
Authenticated attackers can achieve remote code execution with root privileges on IDC SFX2100 satellite receiver devices through OS command injection in the web-based Traceroute diagnostic tool. By injecting shell metacharacters into the flags parameter, an attacker can execute arbitrary operating system commands on the affected system. Public exploit code exists for this vulnerability, and no patch is currently available.
Authenticated attackers can execute arbitrary OS commands with root privileges on IDC SFX2100 satellite receivers through command injection in the web-based Ping utility, bypassing input filters by using alternate shell metacharacters like the pipe operator. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the web management interface and allows complete system compromise for any authenticated user.
Command injection in D-Link DIR-868L via SSDP service. PoC available.
Command injection in PhialsBasement nmap-mcp-server allows authenticated remote attackers to execute arbitrary system commands through the Nmap CLI Command Handler component due to improper input sanitization in child_process.exec. Public exploit code exists for this vulnerability, and affected users should apply the available patch to remediate the risk.
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. [CVSS 8.8 HIGH]
Command injection in Weintek cMT-3072XH2 HMI DHCP activation. EPSS 0.30%.
Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4.0 Build 14614 through TZM_1757588060_SEP2025_FULL.depot web application API endpoints (including Scheduler and Actions pages). [CVSS 7.2 HIGH]
Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability. [CVSS 7.2 HIGH]
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). [CVSS 7.8 HIGH]
ModelScope ms-agent v1.6.0rc1 and earlier allows unauthenticated remote attackers to execute arbitrary operating system commands by injecting malicious input through prompt-derived parameters. Public exploit code exists for this vulnerability, and no patch is currently available. This command injection flaw affects AI/ML systems processing untrusted user prompts.
Arbitrary command execution in TP-Link Deco BE25 firmware v1.0 through v1.1.1 Build 20250822 stems from improper input validation in the web administration interface, allowing authenticated adjacent attackers to inject OS commands via malicious configuration files. Successful exploitation grants full control over the affected device with complete compromise of confidentiality, integrity, and availability. No patch is currently available.
Tenda AC15 router has a code injection in formsetUsbUnload (EPSS 1.7%) enabling unauthenticated remote code execution.
Tenda AC15 router has a command injection in formSetIptv (EPSS 1.1%) enabling unauthenticated root-level code execution.
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. [CVSS 7.2 HIGH]