Unrated severityNVD Advisory· Published Feb 20, 2026· Updated Feb 20, 2026

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds

CVE-2026-26093

Description

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.

Affected products

Owl/opdsllm-fuzzy
Range: <= 2.2.0.4? (description says '2.2.0.4' but does not say if all earlier versions are affected; it states the vulnerability exists in that version, implying it is present in 2.2.0.4)
Owl/opdsv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-26093mitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000