CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Description
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-137 · CAPEC-174 · CAPEC-41 · CAPEC-460 · CAPEC-88
CVEs mapped to this weakness (169)
page 3 of 9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-29954 | Hig | 0.49 | 7.6 | 0.00 | Mar 30, 2026 | In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when… | ||
| CVE-2025-12613 | Hig | 0.49 | 8.6 | 0.00 | Nov 10, 2025 | Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such… | ||
| CVE-2025-48385 | Hig | 0.49 | — | 0.01 | Jul 8, 2025 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows… | ||
| CVE-2016-1000222 | Hig | 0.49 | 7.5 | 0.01 | Jun 16, 2017 | Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. | ||
| CVE-2001-0667 | Hig | 0.49 | 7.3 | 0.15 | Oct 30, 2001 | Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed,… | ||
| CVE-2026-46529 | Hig | 0.48 | — | 0.01 | Jun 10, 2026 | Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into… | ||
| CVE-2026-3515 | Hig | 0.48 | 8.5 | 0.00 | May 24, 2026 | A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field. The `reference` field is concatenated directly into a `git clone` command… | ||
| CVE-2026-7865 | — | Hig | 0.48 | — | 0.01 | May 5, 2026 | A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with… | |
| CVE-2026-40113 | Hig | 0.48 | 8.4 | 0.00 | Apr 9, 2026 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not… | ||
| CVE-2026-53694 | Hig | 0.47 | — | 0.00 | Jun 10, 2026 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2. | ||
| CVE-2026-39884 | Hig | 0.47 | 8.3 | 0.00 | Apr 15, 2026 | mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/port_forward.ts, where a kubectl command is constructed via string concatenation… | ||
| CVE-2026-49373 | Hig | 0.46 | 7.1 | 0.00 | May 29, 2026 | In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings | ||
| CVE-2026-44712 | Hig | 0.46 | 8.2 | 0.00 | May 27, 2026 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID (some controllers allow this)… | ||
| CVE-2026-42284 | Hig | 0.46 | 8.1 | 0.01 | May 7, 2026 | GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation… | ||
| CVE-2025-67858 | Hig | 0.46 | — | 0.00 | Jan 8, 2026 | A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`. This issue affects Foomuuri: from ? before 0.31. | ||
| CVE-2025-68144 | Hig | 0.46 | 7.1 | 0.07 | Dec 17, 2025 | In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be interpreted as command-line… | ||
| CVE-2025-66002 | Med | 0.45 | — | 0.00 | Jan 8, 2026 | An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users ton perform arbitrary unmounts via smb4k mount helper | ||
| CVE-2025-52903 | Hig | 0.45 | 8.0 | 0.01 | Jun 26, 2025 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions on the 2.x branch prior to 2.33.10, the Command Execution feature of File Browser only allows the execution of shell… | ||
| CVE-2026-11332 | Hig | 0.44 | 7.8 | 0.00 | Jun 5, 2026 | A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags… | ||
| CVE-2025-40948 | Med | 0.44 | 6.8 | 0.00 | May 12, 2026 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1),… |
- risk 0.49cvss 7.6epss 0.00
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when…
- risk 0.49cvss 8.6epss 0.00
Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such…
- risk 0.49cvss —epss 0.01
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows…
- risk 0.49cvss 7.5epss 0.01
Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
- risk 0.49cvss 7.3epss 0.15
Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed,…
- risk 0.48cvss —epss 0.01
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into…
- risk 0.48cvss 8.5epss 0.00
A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field. The `reference` field is concatenated directly into a `git clone` command…
- risk 0.48cvss —epss 0.01
A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with…
- risk 0.48cvss 8.4epss 0.00
PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not…
- risk 0.47cvss —epss 0.00
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2.
- risk 0.47cvss 8.3epss 0.00
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/port_forward.ts, where a kubectl command is constructed via string concatenation…
- risk 0.46cvss 7.1epss 0.00
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
- risk 0.46cvss 8.2epss 0.00
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID (some controllers allow this)…
- risk 0.46cvss 8.1epss 0.01
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation…
- risk 0.46cvss —epss 0.00
A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`. This issue affects Foomuuri: from ? before 0.31.
- risk 0.46cvss 7.1epss 0.07
In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be interpreted as command-line…
- risk 0.45cvss —epss 0.00
An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users ton perform arbitrary unmounts via smb4k mount helper
- risk 0.45cvss 8.0epss 0.01
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions on the 2.x branch prior to 2.33.10, the Command Execution feature of File Browser only allows the execution of shell…
- risk 0.44cvss 7.8epss 0.00
A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags…
- risk 0.44cvss 6.8epss 0.00
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1),…