CVE-2026-47734: Unquoted Replace In Subprocess

String replacement without shell quoting before execution can lead to command injection.

Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0

Python

greprules fetch cve-2026-47734-unquoted-replace-in-subprocess --engine opengrep

Description

String replacement without shell quoting before execution can lead to command injection.

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 131 downloads
0 direct131 via packs
· 0 stars · Quality score 70How quality works
Included packs: 2 packs

0 signals from signed-in users.