Home/CWE/Improper Neutralization of Special Elements used in a Command ('Command Injection')
Weakness

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77 · Class · Draft

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Extended description

Many protocols and products have their own custom command language. While OS or shell command strings are frequently discovered and targeted, developers may not realize that these other command languages might also be vulnerable to attacks.

Weakness Relationships

Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOfCWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Children (more specific)
ParentOfCWE-1427 · Improper Neutralization of Input Used for LLM Prompting
ParentOfCWE-624 · Executable Regular Expression Error
ParentOfCWE-78 · Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ParentOfCWE-88 · Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
ParentOfCWE-917 · Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Attack Patterns (CAPEC)

8
How adversaries exploit this weakness, per MITRE CAPEC.
CAPEC-136LDAP Injection
CAPEC-15Command Delimiters
CAPEC-183IMAP/SMTP Command Injection
CAPEC-248Command Injection
CAPEC-40Manipulating Writeable Terminal Devices
CAPEC-43Exploiting Multiple Input Interpretation Layers
CAPEC-75Manipulating Writeable Configuration Files
CAPEC-76Manipulating Web Input to File System Calls

CVEs With This Weakness

4,033
A sample of the 4,033 CVEs tagged with this weakness.
CVECVE-2026-8777
CVECVE-2026-8774
CVECVE-2026-8767
CVECVE-2026-8753
CVECVE-2026-8431
CVECVE-2026-8346
CVECVE-2026-8345
CVECVE-2026-8344
CVECVE-2026-8273
CVECVE-2026-8272
CVECVE-2026-8271
CVECVE-2026-8265

Nuclei Scanner Templates

30
Open-source Nuclei templates that detect this weakness class - an actionable scan-for-it pivot. Licensed under the ProjectDiscovery / Nuclei terms.
criticalMeterSphere - Remote Code Execution
criticalFastjson 1.2.47 - Remote Code Execution
criticalFastjson 1.2.41 - Remote Code Execution
criticalFastjson 1.2.43 - Remote Code Execution
criticalFastjson 1.2.42 - Remote Code Execution
criticalFastjson 1.2.62 - Remote Code Execution
criticalFastjson 1.2.24 - Remote Code Execution
criticalFastjson 1.2.67 - Remote Code Execution
criticalFastjson 1.2.68 - Remote Code Execution
criticalCisco vManage (Log4j) - Remote Code Execution
criticalCisco BroadWorks - Remote Code Execution (Apache Log4j)
criticalCisco WebEx - Remote Code Execution (Apache Log4j)
criticalCisco CloudCenter Suite (Log4j) - Remote Code Execution
criticalCisco Unified Communications - Remote Code Execution (Apache Log4j)
criticalGraylog (Log4j) - Remote Code Execution
criticalCore Chuangtian Cloud Desktop System - Remote Code Execution
criticalPapercut - Remote Code Execution (Apache Log4j)
criticalUnauthenticated Spark REST API
criticalSponip Network System Ping - Remote Code Execution
criticalVMware Site Recovery Manager - Remote Code Execution (Apache Log4j)
criticalQi'anxin Netkang Next Generation Firewall - Remote Code Execution
criticalSplunk Enterprise - Remote Code Execution (Apache Log4j)
criticalHiboss - Remote Code Execution
criticalFortiPortal - Remote Code Execution (Apache Log4j)
criticalElasticsearch 5 - Remote Code Execution (Apache Log4j)
criticalWebUI 1.5b6 - Remote Code Execution
criticalMetabase - Remote Code Execution (Apache Log4j)
criticalF-Secure Policy Manager - Remote Code Execution (Apache Log4j)
criticalYapi - Remote Code Execution
criticalHasura GraphQL Engine - Remote Code Execution
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin