CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) — Vulnerability Class 1149

1149 vulnerabilities classified as CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-32194	Microsoft Bing Images Remote Code Execution Vulnerability — Microsoft Bing Images	9.8	Critical	2026-03-19
CVE-2026-24299	M365 Copilot Information Disclosure Vulnerability — Microsoft 365 Copilot	5.3	Medium	2026-03-19
CVE-2026-26136	Microsoft Copilot Information Disclosure Vulnerability — Microsoft Copilot	6.5	Medium	2026-03-19
CVE-2026-22317	Command Injection Vulnerability in Root CA Certificate Transfer Workflow — FL SWITCH 2005	7.2	High	2026-03-18
CVE-2026-27811	Roxy-WI has a Command Injection via diff parameter in config comparison allows authenticated RCE — roxy-wi	8.8	High	2026-03-17
CVE-2025-14031	IBM Sterling B2B Integrator and IBM Sterling File Gateway Denial of Service — Sterling B2B Integrator	7.5	High	2026-03-17
CVE-2026-23862	Dell ThinOS 10 命令注入漏洞 — ThinOS 10	7.8	High	2026-03-16
CVE-2026-4228	LB-LINK BL-WR9000 set_wifi sub_458754 command injection — BL-WR9000	6.3	Medium	2026-03-16
CVE-2026-4210	D-Link DNS-1550-04 time_machine.cgi cgi_tm_set_share command injection — DNS-120	6.3	Medium	2026-03-16
CVE-2026-4209	D-Link DNS-1550-04 account_mgr.cgi cgi_chg_admin_pw command injection — DNS-120	6.3	Medium	2026-03-16
CVE-2026-4207	D-Link DNS-1550-04 system_mgr.cgi cgi_ntp_time command injection — DNS-120	6.3	Medium	2026-03-16
CVE-2026-4206	D-Link DNS-1550-04 dsk_mgr.cgi ScanDisk_run_e2fsck command injection — DNS-120	6.3	Medium	2026-03-16
CVE-2026-4205	D-Link DNS-1550-04 app_mgr.cgi FTP_Server_BlockIP_Del command injection — DNS-120	6.3	Medium	2026-03-16
CVE-2026-4204	D-Link DNS-1550-04 gui_mgr.cgi cgi_mycloud_auto_downlaod command injection — DNS-120	6.3	Medium	2026-03-16
CVE-2026-4203	D-Link DNS-1550-04 network_mgr.cgi cgi_dhcpd command injection — DNS-120	6.3	Medium	2026-03-16
CVE-2026-4199	bazinga012 mcp_code_executor index.ts installDependencies command injection — mcp_code_executor	5.3	Medium	2026-03-16
CVE-2026-4198	hypermodel-labs mcp-server-auto-commit index.ts getGitChanges command injection — mcp-server-auto-commit	5.3	Medium	2026-03-15
CVE-2026-4197	D-Link DNS-1550-04 download_mgr.cgi RSS_Item_List command injection — DNS-120	6.3	Medium	2026-03-15
CVE-2026-4196	D-Link DNS-1550-04 remote_backup.cgi cgi_set_rsync_server command injection — DNS-120	6.3	Medium	2026-03-15
CVE-2026-4195	D-Link DNS-1550-04 wizard_mgr.cgi command injection — DNS-120	6.3	Medium	2026-03-15
CVE-2026-4192	AvinashBole quip-mcp-server index.ts setupToolHandlers command injection — quip-mcp-server	6.3	Medium	2026-03-15
CVE-2026-4164	Wavlink WL-WN578W2 POST Request wireless.cgi GuestWifi command injection — WL-WN578W2	9.8	Critical	2026-03-15
CVE-2026-4163	Wavlink WL-WN579A3 POST Request wireless.cgi GuestWifi command injection — WL-WN579A3	9.8	Critical	2026-03-14
CVE-2026-26133	M365 Copilot Information Disclosure Vulnerability — Microsoft 365 Copilot for Android	7.1	High	2026-03-13
CVE-2026-20163	Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise — Splunk Enterprise	8.0	High	2026-03-11
CVE-2026-32063	OpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit Generation — openclaw	7.1	High	2026-03-11
CVE-2026-3943	H3C ACG1000-AK230 aaa_portal_auth_local_submit command injection — ACG1000-AK230	7.3	High	2026-03-11
CVE-2026-3854	Remote code execution via git push option injection in GitHub Enterprise Server — Enterprise Server	8.8^AI	High^AI	2026-03-10
CVE-2026-3798	Comfast CF-AC100 Request Path mbox-config sub_44AC14 command injection — CF-AC100	4.7	Medium	2026-03-09
CVE-2026-3704	Wavlink NU516U1 Incomplete Fix CVE-2025-10959 firewall.cgi sub_405B2C command injection — NU516U1	4.7	Medium	2026-03-08

Vulnerabilities classified as CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) represent 1149 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) — Vulnerability Class 1149