ZCyberNews

#command-injection

9 articles

From April 14 to May 11, 2026, ZCyberNews published 10 articles under the command-injection tag. The coverage spans four critical, five high, and one medium severity issue, with top CVEs including CVE-2026-31246 (CVSS 9.8), CVE-2021-47949 (CVSS 8.8), CVE-2026-3854 (CVSS 8.7), CVE-2026-8264 (CVSS 6.5), and CVE-2026-8265 (CVSS 6.5). Affected sectors are software development, technology, telecommunications, conference centers, and consumer, with a global regional impact.

GPT-Pilot Command Injection Flaw CVE-2026-31246 Lets Users Execute
CRITICAL
Vulnerabilities

CVE-2026-31246 (CVSS 9.8) in GPT-Pilot's Executor.run() passes unvalidated user input to asyncio.create_subprocess_shell(), enabling arbitrary command injection during project...

CVE-2026-31246
4 min read
Tenda AC6 Command Injection Flaw CVE-2026-8263 Lets Attackers Execute
HIGH
Vulnerabilities

CVE-2026-8263 (CVSS 5.8) in Tenda AC6 firmware 15.03.06.49multiTDE01 allows unauthenticated remote OS command injection via the /goform/WifiExtraSet endpoint.

CVE-2026-8263
3 min read
Tenda AC6 Router Flaws Enable Remote Command Injection
HIGH
Vulnerabilities

Two command injection vulnerabilities in Tenda AC6 firmware 15.03.06.23 let remote attackers execute arbitrary OS commands via the getLogFile and formWifiApScan functions.

CVE-2026-8265, CVE-2026-8264
3 min read
CyberPanel 2.1 Flaw Lets Authenticated Attackers Execute Remote Code
HIGH
Vulnerabilities

CVE-2021-47949 (CVSS 8.8) in CyberPanel 2.1 lets authenticated attackers read arbitrary files and execute code via symlink attacks through the filemanager controller endpoint.

CVE-2021-47949
3 min read
CVE-2024-30167: Atlona Matrix Switcher Flaw Lets Authenticated Users
MEDIUM
Vulnerabilities

CVE-2024-30167 (CVSS 6.3): Authenticated users can execute arbitrary commands as root on Atlona AT-OME-MS42 Matrix Switcher 1.1.2 via a crafted POST to /cgi-bin/time.cgi.

CVE-2024-30167
3 min read
GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
HIGH
Vulnerabilities

CVE-2026-3854 (CVSS 8.7) lets authenticated users with push access achieve remote code execution on GitHub.com and GitHub Enterprise Server via a crafted git push command.

CVE-2026-3854
4 min read
PoC Exploit Released for Critical FortiSandbox Command Injection Flaw
CRITICAL
Vulnerabilities

A proof-of-concept exploit for CVE-2026-39808, a critical command injection vulnerability in Fortinet FortiSandbox, has been released. The flaw allows unauthenticated attackers to execute arbitrary OS commands as root.

CVE-2026-39808
4 min read
TP-Link Router Flaw Exploited by Mirai Botnet Variant
CRITICAL
Threat Intel

Attackers are exploiting CVE-2023-33538, a command injection flaw in TP-Link Archer AX21 routers, to deploy a Mirai botnet variant. The campaign hijacks devices for DDoS attacks and credential theft.

CVE-2023-33538
4 min read
Critical PHP Composer Flaws Allow Remote Command Execution via Perforce Driver
HIGH
Vulnerabilities

Two high-severity command injection vulnerabilities (CVE-2026-40176, CVE-2026-40177) in PHP Composer's Perforce driver enable arbitrary command execution on developer systems during package operations.

CVE-2026-40176, CVE-2026-40177
3 min read
