CVE-2026-2333
Command Injection in Owl opds 2.2.0.4 via Network Request
Publication date: 2026-02-20
Last updated on: 2026-02-26
Assigner: Nozomi Networks Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| owlcyberdefense | opds-talon | 2.2.0.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
I don't know
Can you explain this vulnerability to me?
This vulnerability is a Command Injection issue in Owl opds version 2.2.0.4. It occurs due to improper neutralization of special elements used in commands, which allows an attacker to inject and execute arbitrary commands via a crafted network request.
How can this vulnerability impact me? :
The vulnerability can have a severe impact because it allows remote attackers to execute arbitrary commands on the affected system without requiring privileges or user interaction. This can lead to full system compromise, data theft, service disruption, or further attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know