CVE-2026-5302: Insecure Format Shell Command
greprules fetch cve-2026-5302-insecure-format-shell-command --engine opengrep

Description
OS command injection vulnerability detected. The code interpolates variables directly into a shell command template using `format!`. If user-controlled data is injected without proper sanitization, it can execute arbitrary commands on the host. Sanitize the inputs before interpolating, or use a safe command execution API that accepts an array of arguments ra
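
The flagged pattern next to the argument-array form the description recommends, as an added example (not the rule's own test code). The function names, the `wc` command and the sample input are assumptions made for illustration.

```rust
use std::process::Command;

// Flagged pattern: `format!` splices input into text that `sh -c` will parse.
fn line_count_flagged(path: &str) -> Command {
    let mut cmd = Command::new("sh");
    cmd.arg("-c").arg(format!("wc -l {}", path));
    cmd
}

// Hardened form: no shell; the input is exactly one argv entry, and `--`
// stops it from being read as an option.
fn line_count_hardened(path: &str) -> Command {
    let mut cmd = Command::new("wc");
    cmd.args(["-l", "--"]).arg(path);
    cmd
}

// Allowlist check for cases where a shell string cannot be avoided
// (hypothetical policy: plain file names only).
fn is_plain_file_name(s: &str) -> bool {
    !s.is_empty()
        && !s.starts_with('-')
        && s.chars().all(|c| c.is_ascii_alphanumeric() || matches!(c, '.' | '_' | '-'))
}

// Program and arguments as the OS would receive them.
fn argv(cmd: &Command) -> Vec<String> {
    std::iter::once(cmd.get_program())
        .chain(cmd.get_args())
        .map(|s| s.to_string_lossy().into_owned())
        .collect()
}

fn main() {
    // Constructed input: a file name followed by a second shell command.
    let input = "notes.txt; echo INJECTED";
    println!("flagged:     {:?}", argv(&line_count_flagged(input)));
    println!("hardened:    {:?}", argv(&line_count_hardened(input)));
    println!("allowlisted: {}", is_plain_file_name(input));
}
```

In the flagged form the whole string reaches `sh`, which treats `;` as a command separator; in the hardened form the same bytes arrive at `wc` as a single file name.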