CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) — Vulnerability Class 1149

1149 vulnerabilities classified as CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-2526	Wavlink WL-WN579A3 wireless.cgi multi_ssid command injection — WL-WN579A3	6.3	Medium	2026-02-16
CVE-2026-26068	emp3r0r Agent-Controlled Metadata to Operator RCE (tmux Command Injection) — emp3r0r	8.8^AI	High^AI	2026-02-12
CVE-2026-20841	Windows Notepad App Remote Code Execution Vulnerability — Windows Notepad	7.8	High	2026-02-10
CVE-2026-21257	GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability — Microsoft Visual Studio 2022 version 17.14	8.0	High	2026-02-10
CVE-2026-21256	GitHub Copilot and Visual Studio Remote Code Execution Vulnerability — Microsoft Visual Studio 2022 version 17.14	8.8	High	2026-02-10
CVE-2026-21516	GitHub Copilot for Jetbrains Remote Code Execution Vulnerability — GitHub Copilot Plugin for JetBrains IDEs	8.8	High	2026-02-10
CVE-2026-21522	Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability — Microsoft ACI Confidential Containers	6.7	Medium	2026-02-10
CVE-2026-21518	GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability — Microsoft Visual Studio Code CoPilot Chat Extension	8.8	High	2026-02-10
CVE-2026-25761	Command injection via crafted filenames in Super-linter Action — super-linter	8.8	High	2026-02-09
CVE-2026-2227	D-Link DCS-931L setSystemAdmin doSystem command injection — DCS-931L	4.7	Medium	2026-02-09
CVE-2026-2218	D-Link DCS-933L alphapd setSystemAdmin command injection — DCS-933L	6.3	Medium	2026-02-09
CVE-2026-2194	D-Link DI-7100G C1 start_proxy_client_email command injection — DI-7100G C1	6.3	Medium	2026-02-08
CVE-2026-2193	D-Link DI-7100G C1 set_jhttpd_info command injection — DI-7100G C1	6.3	Medium	2026-02-08
CVE-2026-2182	UTT 进取 521G setSysAdm doSystem command injection — 进取 521G	7.2	High	2026-02-08
CVE-2026-2178	r-huijts xcode-mcp-server run_lldb index.ts registerXcodeTools command injection — xcode-mcp-server	6.3	Medium	2026-02-08
CVE-2026-2169	D-Link DWR-M921 formLtefotaUpgradeFibocom command injection — DWR-M921	6.3	Medium	2026-02-08
CVE-2026-2168	D-Link DWR-M921 formLtefotaUpgradeQuectel sub_419920 command injection — DWR-M921	6.3	Medium	2026-02-08
CVE-2026-2163	D-Link DIR-600 ssdp.cgi command injection — DIR-600	4.7	Medium	2026-02-08
CVE-2026-2135	UTT HiPER 810 formPdbUpConfig sub_43F020 command injection — HiPER 810	6.3	Medium	2026-02-08
CVE-2026-2130	BurtTheCoder mcp-maigret search_username index.ts command injection — mcp-maigret	6.3	Medium	2026-02-08
CVE-2026-2118	UTT HiPER 810 rehttpd formReleaseConnect sub_4407D4 command injection — HiPER 810	7.2	High	2026-02-08
CVE-2026-2085	D-Link DWR-M921 USSD Configuration Endpoint formUSSDSetup sub_419F20 command injection — DWR-M921	7.2	High	2026-02-07
CVE-2026-2080	UTT HiPER 810 formUser setSysAdm command injection — HiPER 810	7.2	High	2026-02-07
CVE-2026-2000	DCN DCME-320 Web Management Backend bridge_cfg.php apply_config command injection — DCME-320	4.7	Medium	2026-02-06
CVE-2026-1802	Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command injection — ZHOME A0101	7.3	High	2026-02-03
CVE-2026-1735	Yealink MeetingBar A30 Diagnostic command injection — MeetingBar A30	4.3	Medium	2026-02-02
CVE-2026-1690	Tenda HG10 formSysCmd system command injection — HG10	4.7	Medium	2026-01-30
CVE-2026-1689	Tenda HG10 Login formLogin checkUserFromLanOrWan command injection — HG10	7.3	High	2026-01-30
CVE-2026-1687	Tenda HG10 Boa Webserver formSamba command injection — HG10	7.3	High	2026-01-30
CVE-2025-26385	Metasys product command injection vulnerability could allow remote SQL execution — Metasys	9.8^AI	Critical^AI	2026-01-30

Vulnerabilities classified as CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) represent 1149 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) — Vulnerability Class 1149