VYPR

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Class · Draft · Likelihood: High

Description

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76

CVEs mapped to this weakness (1,552)

  • CVE-2025-26056 · Med · Apr 1, 2025
    risk 0.35 · cvss 5.4 · epss 0.01

    A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module "MTR" functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp parameter. An attacker can exploit this flaw to execute arbitrary…

  • CVE-2024-32884 · Med · Apr 26, 2024
    risk 0.35 · cvss 6.4 · epss 0.01

    gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited,…

  • CVE-2024-28328 · Med · Apr 26, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format.

  • CVE-2017-2324 · Med · Apr 24, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition.

  • CVE-2026-11408 · Med · Jun 6, 2026
    risk 0.34 · cvss 6.3 · epss 0.01

    A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be…

  • CVE-2026-10550 · Med · Jun 2, 2026
    risk 0.34 · cvss 6.3 · epss 0.01

    A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is…

  • CVE-2026-8210 · Med · May 9, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. Local access is required to…

  • CVE-2023-47268 · Med · May 8, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported.

  • CVE-2026-8112 · Med · May 7, 2026
    risk 0.34 · cvss 6.3 · epss 0.03

    A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The…

  • CVE-2026-7629 · Med · May 2, 2026
    risk 0.34 · cvss 6.3 · epss 0.01

    A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. Executing a manipulation can lead to command injection. The attack may be launched…

  • CVE-2026-7628 · Med · May 2, 2026
    risk 0.34 · cvss 6.3 · epss 0.01

    A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be…

  • CVE-2026-6219 · Med · Apr 13, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The…

  • CVE-2026-6141 · Med · Apr 13, 2026
    risk 0.34 · cvss 6.3 · epss 0.01

    A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has…

  • CVE-2026-6118 · Med · Apr 12, 2026
    risk 0.34 · cvss 6.3 · epss 0.02

    A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to…

  • CVE-2026-5831 · Med · Apr 9, 2026
    risk 0.34 · cvss 6.3 · epss 0.01

    A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipulation results in os command injection. The attack is possible to be carried out…

  • CVE-2026-5621 · Med · Apr 6, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument config_path results in os command injection. Attacking locally…

  • CVE-2026-5619 · Med · Apr 6, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipulation of the argument command can lead to os command injection. The attack…

  • CVE-2026-5023 · Med · Mar 29, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such…

  • CVE-2026-5007 · Med · Mar 28, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to os command injection. The attack needs to be performed locally. The…

  • CVE-2026-3964 · Med · Mar 11, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to…