CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Description
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76
CVEs mapped to this weakness (1,552)
page 64 of 78| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-57283 | — | 0.00 | — | 0.01 | Jan 28, 2026 | The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js. | ||
| CVE-2026-24132 | 0.00 | — | 0.01 | Jan 22, 2026 | Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the… | |||
| CVE-2026-23947 | 0.00 | — | 0.01 | Jan 20, 2026 | Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issue is similar in nature to… | |||
| CVE-2026-22864 | 0.00 | — | 0.01 | Jan 15, 2026 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against… | |||
| CVE-2026-22785 | 0.00 | — | 0.01 | Jan 12, 2026 | orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or… | |||
| CVE-2026-22688 | 0.00 | — | 0.02 | Jan 10, 2026 | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server… | |||
| CVE-2025-61492 | 0.00 | — | 0.02 | Jan 7, 2026 | A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input. | |||
| CVE-2025-69256 | 0.00 | — | 0.02 | Dec 30, 2025 | The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package… | |||
| CVE-2025-67508 | 0.00 | — | 0.00 | Dec 12, 2025 | gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener… | |||
| CVE-2025-13780 | 0.00 | — | 0.01 | Dec 11, 2025 | pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting… | |||
| CVE-2025-67511 | 0.00 | — | 0.02 | Dec 10, 2025 | Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials() function, which is available to AI agents.… | |||
| CVE-2025-66404 | 0.00 | — | 0.01 | Dec 3, 2025 | MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string… | |||
| CVE-2025-66032 | 0.00 | — | 0.01 | Dec 3, 2025 | Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability… | |||
| CVE-2025-65657 | 0.00 | — | 0.00 | Dec 2, 2025 | FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation,… | |||
| CVE-2025-66219 | — | 0.00 | — | 0.02 | Nov 29, 2025 | willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API (exec) to which… | ||
| CVE-2025-34267 | 0.00 | — | 0.06 | Oct 14, 2025 | Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm execution environment. An… | |||
| CVE-2025-61787 | 0.00 | — | 0.02 | Oct 8, 2025 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, ``CreateProcess()`` always implicitly spawns ``cmd.exe`` if a batch file (.bat,… | |||
| CVE-2025-59834 | — | 0.00 | — | 0.02 | Sep 25, 2025 | ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool… | ||
| CVE-2025-59831 | — | 0.00 | — | 0.02 | Sep 25, 2025 | git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitCommiters(options,… | ||
| CVE-2025-59376 | 0.00 | — | 0.00 | Sep 15, 2025 | feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word (i.e., "version") is not a write or delete… |
- CVE-2025-57283Jan 28, 2026risk 0.00cvss —epss 0.01
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js.
- CVE-2026-24132Jan 22, 2026risk 0.00cvss —epss 0.01
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the…
- CVE-2026-23947Jan 20, 2026risk 0.00cvss —epss 0.01
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issue is similar in nature to…
- CVE-2026-22864Jan 15, 2026risk 0.00cvss —epss 0.01
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against…
- CVE-2026-22785Jan 12, 2026risk 0.00cvss —epss 0.01
orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or…
- CVE-2026-22688Jan 10, 2026risk 0.00cvss —epss 0.02
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server…
- CVE-2025-61492Jan 7, 2026risk 0.00cvss —epss 0.02
A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input.
- CVE-2025-69256Dec 30, 2025risk 0.00cvss —epss 0.02
The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package…
- CVE-2025-67508Dec 12, 2025risk 0.00cvss —epss 0.00
gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener…
- CVE-2025-13780Dec 11, 2025risk 0.00cvss —epss 0.01
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting…
- CVE-2025-67511Dec 10, 2025risk 0.00cvss —epss 0.02
Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials() function, which is available to AI agents.…
- CVE-2025-66404Dec 3, 2025risk 0.00cvss —epss 0.01
MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string…
- CVE-2025-66032Dec 3, 2025risk 0.00cvss —epss 0.01
Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability…
- CVE-2025-65657Dec 2, 2025risk 0.00cvss —epss 0.00
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation,…
- CVE-2025-66219Nov 29, 2025risk 0.00cvss —epss 0.02
willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API (exec) to which…
- CVE-2025-34267Oct 14, 2025risk 0.00cvss —epss 0.06
Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm execution environment. An…
- CVE-2025-61787Oct 8, 2025risk 0.00cvss —epss 0.02
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, ``CreateProcess()`` always implicitly spawns ``cmd.exe`` if a batch file (.bat,…
- CVE-2025-59834Sep 25, 2025risk 0.00cvss —epss 0.02
ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool…
- CVE-2025-59831Sep 25, 2025risk 0.00cvss —epss 0.02
git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitCommiters(options,…
- CVE-2025-59376Sep 15, 2025risk 0.00cvss —epss 0.00
feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word (i.e., "version") is not a write or delete…