VYPR

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Base · Draft

Description

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
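The description above is abstract, so here is an added, runnable illustration of it (this is not code from VYPR, from MITRE, or from any project named in the CVE list below). It contrasts three CWE-88 shapes that recur in those entries with a hardened counterpart of each: a list that is validated and then re-tokenized (the GitPython entry), an untrusted value in a positional slot (the mcp-server-git `git_diff` entry), and a delimiter injected inside a single comma-separated argument (the PraisonAI `--set-env-vars` entry). Every function name, the option allowlist and the sample inputs are constructed for the example; nothing starts `git` or `gcloud`, each function only builds the argv or flag string the child process would receive, which is exactly where the weakness lives: the child's own option parser, not a shell, turns the attacker's text into switches or extra key=value pairs.

```python
"""Three CWE-88 shapes, each beside a hardened form.  Added example; every
function name, the allowlist and the sample inputs are constructed, and no
child process is started: each function only returns the argv (or flag
string) the child would receive, which is exactly where the bug lives."""
import re
import shlex

ALLOWED_CLONE_OPTIONS = {"--branch", "--depth", "--single-branch"}
# Exactly one option token: --name or --name=value, with no whitespace anywhere.
_ONE_OPTION = re.compile(r"^(--[a-z][a-z-]*)(?:=(\S+))?$")


# 1. Validate-then-retokenize (the shape the GitPython entry describes).
def _prefix_allowed(opt: str) -> bool:
    """Looks like an allowlist check, but only inspects the first word."""
    return opt.split(" ", 1)[0].split("=", 1)[0] in ALLOWED_CLONE_OPTIONS


def vulnerable_clone_argv(url: str, multi_options: list[str]) -> list[str]:
    if not all(_prefix_allowed(o) for o in multi_options):
        raise ValueError("disallowed option")
    # shlex.split(" ".join(...)) re-tokenizes: one validated element can
    # expand into several argv entries, and the later ones were never checked.
    return ["git", "clone", *shlex.split(" ".join(multi_options)), url, "dest"]


def hardened_clone_argv(url: str, multi_options: list[str]) -> list[str]:
    for o in multi_options:
        m = _ONE_OPTION.match(o)
        if m is None or m.group(1) not in ALLOWED_CLONE_OPTIONS:
            raise ValueError(f"rejected option: {o!r}")
    # The validated list is passed through unchanged, and "--" ends option
    # parsing so the URL and directory can never be read as switches.
    return ["git", "clone", *multi_options, "--", url, "dest"]


# 2. Untrusted value in a positional slot (the git_diff shape).
def vulnerable_diff_argv(target: str) -> list[str]:
    # No shell involved, yet "--output=/path" is still an option to git.
    return ["git", "diff", target]


def untrusted_positional(value: str) -> str:
    """Reject anything the child's own parser could read as a switch."""
    if value.startswith("-") or not value.isprintable() or any(c.isspace() for c in value):
        raise ValueError(f"rejected positional argument: {value!r}")
    return value


def hardened_diff_argv(target: str) -> list[str]:
    return ["git", "diff", untrusted_positional(target)]


# 3. Delimiter injection inside one argument (the --set-env-vars shape).
def vulnerable_env_flag(model: str, key: str) -> str:
    # "," is the list delimiter of the receiving tool, so a value that
    # contains one appends an extra KEY=VALUE pair of the attacker's choice.
    return f"--set-env-vars=OPENAI_MODEL={model},OPENAI_API_KEY={key}"


def env_value(value: str) -> str:
    if "," in value or "=" in value or not value.isprintable():
        raise ValueError(f"rejected env value: {value!r}")
    return value


def hardened_env_flag(model: str, key: str) -> str:
    return f"--set-env-vars=OPENAI_MODEL={env_value(model)},OPENAI_API_KEY={env_value(key)}"


def parse_env_flag(flag: str) -> dict[str, str]:
    """Model of the receiving side's split, to show what the attacker gained."""
    body = flag.split("=", 1)[1]
    return dict(item.split("=", 1) for item in body.split(","))


if __name__ == "__main__":
    # Constructed attacker inputs; the hardened variants raise on all three.
    evil_opts = ["--branch main --config core.hooksPath=/tmp/hooks"]
    print(vulnerable_clone_argv("https://example.invalid/r.git", evil_opts))
    print(vulnerable_diff_argv("--output=/tmp/overwritten"))
    print(parse_env_flag(vulnerable_env_flag("gpt-4,PYTHONSTARTUP=/tmp/x.py", "k")))
```

The common thread in the hardened forms is that the boundary between tokens is decided once, by the code that validated them, and never re-derived from the string afterwards. Where the receiving tool offers an end-of-options marker (`--` for most POSIX tools and git subcommands; git 2.24 and later also accept `--end-of-options` for revision arguments), placing untrusted positionals after it removes the option-injection case outright; values that must appear inside a delimited list, like the comma-separated environment list, still need the delimiter itself rejected or escaped, because no marker protects the inside of a single argument.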

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-137 · CAPEC-174 · CAPEC-41 · CAPEC-460 · CAPEC-88

CVEs mapped to this weakness (169)

page 3 of 9
  • CVE-2026-29954 · High · Mar 30, 2026
    risk 0.49 · cvss 7.6 · epss 0.00

    In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when…

  • CVE-2025-12613 · High · Nov 10, 2025
    risk 0.49 · cvss 8.6 · epss 0.00

    Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such…

  • CVE-2025-48385 · High · Jul 8, 2025
    risk 0.49 · cvss not listed · epss 0.01

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows…

  • CVE-2016-1000222 · High · Jun 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    In Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that creates malicious formulas in the CSV data.

  • CVE-2001-0667 · High · Oct 30, 2001
    risk 0.49 · cvss 7.3 · epss 0.15

    Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed,…

  • CVE-2026-46529 · High · Jun 10, 2026
    risk 0.48 · cvss not listed · epss 0.01

    Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into…

  • CVE-2026-3515 · High · May 24, 2026
    risk 0.48 · cvss 8.5 · epss 0.00

    A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field. The `reference` field is concatenated directly into a `git clone` command…

  • CVE-2026-7865 · High · May 5, 2026
    risk 0.48 · cvss not listed · epss 0.01

    A hidden console command is vulnerable to a command injection flaw when control characters are passed to its second argument. A third-party researcher, Eugene Lim, discovered a vulnerability in the way the console command is passed to a popen function call. Attackers with…

  • CVE-2026-40113 · High · Apr 9, 2026
    risk 0.48 · cvss 8.4 · epss 0.00

    PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not…

  • CVE-2026-53694 · High · Jun 10, 2026
    risk 0.47 · cvss not listed · epss 0.00

    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection. This issue affects Nomachine: before 9.5.7, before 8.23.2.

  • CVE-2026-39884 · High · Apr 15, 2026
    risk 0.47 · cvss 8.3 · epss 0.00

    mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/port_forward.ts, where a kubectl command is constructed via string concatenation…

  • CVE-2026-49373 · High · May 29, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

  • CVE-2026-44712 · High · May 27, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID (some controllers allow this)…

  • CVE-2026-42284 · High · May 7, 2026
    risk 0.46 · cvss 8.1 · epss 0.01

    GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation…

  • CVE-2025-67858 · High · Jan 8, 2026
    risk 0.46 · cvss not listed · epss 0.00

    An Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`. This issue affects Foomuuri: from ? before 0.31.

  • CVE-2025-68144 · High · Dec 17, 2025
    risk 0.46 · cvss 7.1 · epss 0.07

    In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be interpreted as command-line…

  • CVE-2025-66002 · Medium · Jan 8, 2026
    risk 0.45 · cvss not listed · epss 0.00

    An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users to perform arbitrary unmounts via the smb4k mount helper.

  • CVE-2025-52903 · High · Jun 26, 2025
    risk 0.45 · cvss 8.0 · epss 0.01

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions on the 2.x branch prior to 2.33.10, the Command Execution feature of File Browser only allows the execution of shell…

  • CVE-2026-11332 · High · Jun 5, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags…

  • CVE-2025-40948 · Medium · May 12, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1),…