ZCyberNews
中文

#command-injection

10 articles

This archive collects 11 articles tagged command-injection published between April 14, 2026 and June 9, 2026, giving security teams a focused view of how this topic has appeared across ZCyberNews coverage. Recent coverage references CVE-2026-31246, CVE-2021-47949, and CVE-2026-3854, with each report tied to the specific vulnerability context available in the source article. The affected-scope signals emphasize software development, technology, and telecommunications across Global, helping readers compare exposure patterns without adding claims beyond the archive data. Severity coverage includes 4 critical, 6 high, and 1 medium reports.

Screenshot of CISA Known Exploited Vulnerabilities catalog entry for CVE-2026-42271HIGH
Vulnerabilities

CVE-2026-42271: LiteLLM Flaw Exploited in the Wild, CISA Adds to KEV

CISA added CVE-2026-42271 (CVSS 8.7) to its Known Exploited Vulnerabilities catalog after evidence of active exploitation against BerriAI LiteLLM deployments.

CVE-2026-42271
4 min read
GPT-Pilot Command Injection Flaw CVE-2026-31246 Lets Users ExecuteCRITICAL
Vulnerabilities

GPT-Pilot Command Injection Flaw CVE-2026-31246 Lets Users Execute

CVE-2026-31246 (CVSS 9.8) in GPT-Pilot's Executor.run() passes unvalidated user input to asyncio.createsubprocessshell(), enabling arbitrary command injection during project...

CVE-2026-31246
4 min read
Tenda AC6 Command Injection Flaw CVE-2026-8263 Lets Attackers ExecuteHIGH
Vulnerabilities

Tenda AC6 Command Injection Flaw CVE-2026-8263 Lets Attackers Execute

CVE-2026-8263 (CVSS 5.8) in Tenda AC6 firmware 15.03.06.49multiTDE01 allows unauthenticated remote OS command injection via the /goform/WifiExtraSet endpoint.

CVE-2026-8263
3 min read
Tenda AC6 Router Flaws Enable Remote Command InjectionHIGH
Vulnerabilities

Tenda AC6 Router Flaws Enable Remote Command Injection

Two command injection vulnerabilities in Tenda AC6 firmware 15.03.06.23 let remote attackers execute arbitrary OS commands via the getLogFile and formWifiApScan functions.

CVE-2026-8265CVE-2026-8264
3 min read
CyberPanel 2.1 Flaw Lets Authenticated Attackers Execute Remote CodeHIGH
Vulnerabilities

CyberPanel 2.1 Flaw Lets Authenticated Attackers Execute Remote Code

CVE-2021-47949 (CVSS 8.8) in CyberPanel 2.1 lets authenticated attackers read arbitrary files and execute code via symlink attacks through the filemanager controller endpoint.

CVE-2021-47949
3 min read
CVE-2024-30167: Atlona Matrix Switcher Flaw Lets Authenticated UsersMEDIUM
Vulnerabilities

CVE-2024-30167: Atlona Matrix Switcher Flaw Lets Authenticated Users

CVE-2024-30167 (CVSS 6.3): Authenticated users can execute arbitrary commands as root on Atlona AT-OME-MS42 Matrix Switcher 1.1.2 via a crafted POST to /cgi-bin/time.cgi.

CVE-2024-30167
3 min read
GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git PushHIGH
Vulnerabilities

GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) lets authenticated users with push access achieve remote code execution on GitHub.com and GitHub Enterprise Server via a crafted git push command.

CVE-2026-3854
4 min read
PoC Exploit Released for Critical FortiSandbox Command Injection FlawCRITICAL
Vulnerabilities

PoC Exploit Released for Critical FortiSandbox Command Injection Flaw

A proof-of-concept exploit for CVE-2026-39808, a critical command injection vulnerability in Fortinet FortiSandbox, has been released. The flaw allows unauthenticated attackers to execute arbitrary OS commands as root.

CVE-2026-39808
4 min read
TP-Link Router Flaw Exploited by Mirai Botnet VariantCRITICAL
Threat Intel

TP-Link Router Flaw Exploited by Mirai Botnet Variant

Attackers are exploiting CVE-2023-33538, a command injection flaw in TP-Link Archer AX21 routers, to deploy a Mirai botnet variant. The campaign hijacks devices for DDoS attacks and credential theft.

CVE-2023-33538
4 min read
Critical PHP Composer Flaws Allow Remote Command Execution via Perforce DriverHIGH
Vulnerabilities

Critical PHP Composer Flaws Allow Remote Command Execution via Perforce Driver

Two high-severity command injection vulnerabilities (CVE-2026-40176, CVE-2026-40177) in PHP Composer's Perforce driver enable arbitrary command execution on developer systems during package operations.

CVE-2026-40176CVE-2026-40177
3 min read

Stay Updated

Get the latest cybersecurity news delivered to your inbox.