Cyber Posture

CVE-2026-2333

CriticalRCE

Published: 20 February 2026

Published
20 February 2026
Modified
26 February 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0029 52.7th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2333 is a critical-severity Command Injection (CWE-77) vulnerability in Owlcyberdefense Opds-Talon. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly mitigates command injection by requiring validation and neutralization of special elements in crafted network requests.

SI-2 Flaw Remediation good match
prevent

Requires timely identification, reporting, and patching of the specific command injection flaw in Owl opds 2.2.0.4.

SI-9 Information Input Restrictions partial match
prevent

Enforces restrictions on information inputs from network requests to block malicious payloads containing special command elements.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
Why these techniques?

Remote unauthenticated command injection in a network-facing application directly enables T1190 (Exploit Public-Facing Application) and facilitates arbitrary command execution via T1059 (Command and Scripting Interpreter).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.

Deeper analysisAI

CVE-2026-2333, published on 2026-02-20, is a command injection vulnerability (CWE-77) affecting Owl opds version 2.2.0.4. The issue arises from improper neutralization of special elements used in a command, which allows attackers to inject malicious commands via a crafted network request. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its potential for severe impact.

Remote attackers can exploit this vulnerability over the network with low attack complexity, without requiring authentication, privileges, or user interaction. Successful exploitation enables arbitrary command execution on the affected system, resulting in high impacts to confidentiality, integrity, and availability, potentially leading to full system compromise.

Mitigation details are available in the vendor advisory at https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-2333.

Details

CWE(s)
CWE-77

Affected Products

owlcyberdefense
opds-talon
2.2.0.4

CVEs Like This One

CVE-2026-26093Same product: Owlcyberdefense Opds-100
CVE-2026-26102Same product: Owlcyberdefense Opds-100
CVE-2026-26101Same product: Owlcyberdefense Opds-100
CVE-2025-59252Shared CWE-77
CVE-2025-60021Shared CWE-77
CVE-2025-59286Shared CWE-77
CVE-2024-53615Shared CWE-77
CVE-2025-52688Shared CWE-77
CVE-2025-7388Shared CWE-77
CVE-2024-41783Shared CWE-77

References