CWE · MITRE source
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Many protocols and products have their own custom command language. While OS or shell command strings are frequently discovered and targeted, developers may not realize that these other command languages might also be vulnerable to attacks.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: full · 19 mapping(s) from 4 framework(s): ATT&CK 8 (mostly) · CAPEC 6 (mostly) · ASVS 5.0 4 (full) · OWASP-Web 1 (full)
OWASP Top 10 for Web (2025)
This weakness contributes to A05:2025 Injection.
NIST 800-53 r5 controls that address this weakness (0)
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | | | |
MITRE ATT&CK techniques this weakness enables
Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.
Direction: ← other covers this; → this covers other (F/M/P = full / mostly / partial).
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2005-2773 KEV | 10.0 | 9.8 | 0.7409 | 2005-09-02 |
| CVE-2007-3010 KEV | 10.0 | 9.8 | 0.9741 | 2007-09-18 |
| CVE-2010-4345 KEV | 10.0 | 7.8 | 0.1779 | 2010-12-14 |
| CVE-2012-1823 KEV | 10.0 | 9.8 | 1.0000 | 2012-05-11 |
| CVE-2015-2051 KEV | 10.0 | 8.8 | 0.9710 | 2015-02-23 |
| CVE-2016-6367 KEV | 10.0 | 7.8 | 0.2258 | 2016-08-18 |
| CVE-2016-1555 KEV | 10.0 | 9.8 | 0.9832 | 2017-04-21 |
| CVE-2017-6327 KEV | 10.0 | 8.8 | 0.3534 | 2017-08-11 |
| CVE-2019-0541 KEV | 10.0 | 8.8 | 0.5320 | 2019-01-08 |
| CVE-2010-5330 KEV | 10.0 | 9.8 | 0.3440 | 2019-06-11 |
| CVE-2020-25079 KEV | 10.0 | 8.8 | 0.5272 | 2020-09-02 |
| CVE-2018-19949 KEV | 10.0 | 9.8 | 0.2445 | 2020-10-28 |
| CVE-2020-2509 KEV | 10.0 | 9.8 | 0.3417 | 2021-04-17 |
| CVE-2021-1498 KEV | 10.0 | 9.8 | 1.0000 | 2021-05-06 |
| CVE-2021-22899 KEV | 10.0 | 8.8 | 0.2234 | 2021-05-27 |
| CVE-2016-20017 KEV | 10.0 | 9.8 | 0.6043 | 2022-10-19 |
| CVE-2022-40765 KEV | 10.0 | 6.8 | 0.1048 | 2022-11-22 |
| CVE-2023-1389 KEV | 10.0 | 8.8 | 1.0000 | 2023-03-15 |
| CVE-2023-1671 KEV | 10.0 | 9.8 | 1.0000 | 2023-04-04 |
| CVE-2023-20118 KEV | 10.0 | 6.5 | 0.5383 | 2023-04-13 |
| CVE-2023-2868 KEV | 10.0 | 9.4 | 0.8696 | 2023-05-24 |
| CVE-2023-33538 KEV | 10.0 | 8.8 | 0.4187 | 2023-06-07 |
| CVE-2023-20887 KEV | 10.0 | 9.8 | 0.9824 | 2023-06-07 |
| CVE-2024-21887 KEV UPD | 10.0 | 9.1 | 1.0000 | 2024-01-12 |
| CVE-2024-3273 KEV UPD | 10.0 | 7.3 | 1.0000 | 2024-04-04 |