CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')) — Vulnerability Class 106

106 vulnerabilities classified as CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')). AI Chinese analysis included.

CWE-95 represents a critical code injection vulnerability where software fails to properly sanitize user-supplied input before passing it to a dynamic evaluation function, such as JavaScript’s eval(). Attackers typically exploit this weakness by injecting malicious code snippets into the input stream, which the application then executes with the privileges of the running process. This can lead to complete system compromise, data exfiltration, or unauthorized administrative actions. To mitigate this risk, developers must strictly avoid using dynamic code execution functions whenever possible, opting instead for safer alternatives like JSON parsing or predefined function mappings. When dynamic evaluation is unavoidable, rigorous input validation and strict whitelisting of allowed characters are essential to ensure that only safe, expected data structures are processed, thereby neutralizing potential injection vectors before they reach the interpreter.

MITRE CWE Description
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
Common Consequences (5)
Confidentiality: Read Files or Directories, Read Application Data
The injected code could access restricted data / files.
Access Control: Bypass Protection Mechanism
In some cases, injectable code controls authentication; this may lead to a remote vulnerability.
Access Control: Gain Privileges or Assume Identity
Injected code can access resources that the attacker is directly prevented from accessing.
Integrity, Confidentiality, Availability, Other: Execute Unauthorized Code or Commands
Code injection attacks can lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code or at least modify what code can be executed.
Non-Repudiation: Hide Activities
Often the actions performed by injected control code are unlogged.
Mitigations (4)
Architecture and Design, Implementation: If possible, refactor your code so that it does not need to use eval() at all.
Implementation: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Implementation: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalizat…
Implementation: For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the Python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].
Effectiveness: Discouraged Common Practice
Examples (2)
edit-config.pl: This CGI script is used to modify settings in a configuration file.
    use CGI qw(:standard);

    sub config_file_add_key {
        my ($fname, $key, $arg) = @_;
        # code to add a field/key to a file goes here
    }

    sub config_file_set_key {
        my ($fname, $key, $arg) = @_;
        # code to set key to a particular file goes here
    }

    sub config_file_delete_key {
        my ($fname, $key, $arg) = @_;
        # code to delete key from a particular file goes here
    }

    sub handleConfigAction {
        my ($fname, $action) = @_;
        my $key = param('key');
        my $val = param('val');

        # this is super-efficient code, especially if you have to invoke
        # any one of dozens of different functions!
        #
        # ${action} is written with braces so Perl builds the intended
        # config_file_<action>_key name rather than reading "$action_key"
        # as a separate, undefined variable. The request-controlled action
        # is still interpolated into source text that eval() executes,
        # which is the CWE-95 flaw this example shows. The statement was
        # truncated on this page; its end is completed from the variables
        # in scope.
        my $code = "config_file_${action}_key(\$fname, \$key, \$val);";
        eval($code);
    }
Bad · Perl
add_key(",","); system("/bin/ls");
Attack
This simple python3 script asks a user to supply a comma-separated list of numbers as input and adds them together.
    def main():
        total = 0
        try:
            # eval() executes whatever the user typed, not only a list of numbers
            numbers = eval(input("Enter a comma-separated list of numbers: "))
        except SyntaxError:
            print("Error: invalid input")
            return
        for num in numbers:
            total = total + num
        print(f"Sum of {numbers} = {total}")

    main()
Bad · Python
__import__('subprocess').getoutput('rm -r *')
Attack
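The first two mitigations from the list above, applied to both examples, as an added Python example that is not MITRE's code or part of this page: an accept-known-good parser replaces eval(input()) in the number-summing script, a fixed function table replaces the eval()-built call in the Perl handleConfigAction (the three handlers here are stand-ins that return a description string), and a length- and depth-bounded wrapper addresses the ast.literal_eval() nesting caveat. All function, table and regex names are my own.

```python
import ast
import re
from typing import Callable, Dict, List

# Accept-known-good: a "comma-separated list of numbers" may contain only an
# optional sign, digits, one optional decimal part, commas and whitespace.
_NUMBER_LIST_RE = re.compile(
    r"\s*[+-]?\d+(?:\.\d+)?(?:\s*,\s*[+-]?\d+(?:\.\d+)?)*\s*")

def parse_number_list(text: str) -> List[float]:
    """Replacement for eval(input(...)): validate the whole string, then convert."""
    if not _NUMBER_LIST_RE.fullmatch(text):
        raise ValueError("input is not a comma-separated list of numbers")
    return [float(item) for item in text.split(",")]

# Predefined function mapping: the action name selects a callable from a fixed
# table; it is never interpolated into source text handed to eval().
def _add_key(fname: str, key: str, val: str) -> str:
    return f"add {key}={val} to {fname}"
def _set_key(fname: str, key: str, val: str) -> str:
    return f"set {key}={val} in {fname}"
def _delete_key(fname: str, key: str, val: str) -> str:
    return f"delete {key} from {fname}"

CONFIG_ACTIONS: Dict[str, Callable[[str, str, str], str]] = {
    "add": _add_key, "set": _set_key, "delete": _delete_key,
}

def handle_config_action(fname: str, action: str, key: str, val: str) -> str:
    """Same dispatch as the Perl handleConfigAction, without dynamic code."""
    handler = CONFIG_ACTIONS.get(action)
    if handler is None:
        raise ValueError(f"unknown action {action!r}")
    return handler(fname, key, val)

def literal_eval_bounded(text: str, max_len: int = 4096, max_depth: int = 8):
    """ast.literal_eval() runs no code, but deeply nested input can exhaust the
    parser, so bound length and bracket depth first (errs on the safe side)."""
    if len(text) > max_len:
        raise ValueError("input too long")
    depth = 0
    for ch in text:
        if ch in "([{":
            depth += 1
            if depth > max_depth:
                raise ValueError("nesting too deep")
        elif ch in ")]}":
            depth -= 1
    return ast.literal_eval(text)
```

Any action name outside the table, and any number-list string outside the allowlist, is rejected before it reaches an interpreter, so the attack strings shown above never become code.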
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-44128 | Unauthenticated Remote Code Execution | Secure Email Gateway | 9.8 (AI) | Critical (AI) | 2026-05-08
CVE-2026-42079 | PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope | PPTAgent | 8.6 | High | 2026-05-04
CVE-2026-6652 | Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection | CMS | 4.7 | Medium | 2026-04-20
CVE-2026-33618 | Chamilo LMS Affected by Remote Code Execution via eval() in Platform Settings | chamilo-lms | 8.8 | High | 2026-04-10
CVE-2026-5971 | FoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injection | MetaGPT | 7.3 | High | 2026-04-09
CVE-2026-4837 | Eval Injection in Rapid7 Insight Agent | Insight Agent | 6.6 | Medium | 2026-04-08
CVE-2026-22666 | Dolibarr ERP/CRM < 23.0.2 Authenticated RCE via dol_eval_standard() | Dolibarr ERP/CRM | 7.2 | High | 2026-04-07
CVE-2026-35002 | Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution | Agno | 9.8 (AI) | Critical (AI) | 2026-04-02
CVE-2026-4965 | letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection | letta | 7.3 | High | 2026-03-27
CVE-2026-4001 | Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula | Woocommerce Custom Product Addons Pro | 9.8 | Critical | 2026-03-23
CVE-2025-40943 | Cross-site scripting vulnerability in multiple Siemens products | SIMATIC Drive Controller CPU 1504D TF | 9.6 | Critical | 2026-03-10
CVE-2026-29091 | Locutus: Remote Code Execution (RCE) in locutus call_user_func_array due to Code Injection | locutus | 8.1 | High | 2026-03-06
CVE-2025-50187 | Chamilo: Evaluation of untrusted user input leads to Remote Code Execution | chamilo-lms | 9.8 | Critical | 2026-03-02
CVE-2026-28370 | OpenStack Vitrage security vulnerability | Vitrage | 9.1 | Critical | 2026-02-27
CVE-2025-15551 | LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N | Archer MR200 v5.2 | 8.1 (AI) | High (AI) | 2026-02-05
CVE-2020-37137 | PHP-Fusion 9.03.50 - 'panels.php' Eval Injection | PHP Fusion | 6.1 | Medium | 2026-02-05
CVE-2026-1470 | Authenticated users can bypass the Expression sandbox mechanism to achieve full remote code execution on n8n's main node. | | 9.9 | Critical | 2026-01-27
CVE-2026-24474 | Dioxus Components has JavaScript injection via user-supplied IDs | components | 7.5 | - | 2026-01-23
CVE-2026-0769 | Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability | Langflow | 9.8 | - | 2026-01-23
CVE-2026-23885 | AlchemyCMS has Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper | alchemy_cms | 6.4 | Medium | 2026-01-19
CVE-2026-0863 | Sandbox escape in n8n Python task runner allows for arbitrary code execution on the underlying host. | | 8.5 | High | 2026-01-18
CVE-2025-68271 | Unauthenticated Remote Code Execution in openc3-api | cosmos | 10.0 | Critical | 2026-01-13
CVE-2025-54322 | Xspeeder SXZOS security vulnerability | SXZOS | 10.0 | Critical | 2025-12-27
CVE-2025-66474 | XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection | xwiki-rendering | 8.8 (AI) | High (AI) | 2025-12-10
CVE-2025-12140 | RCE in Wirtualna Uczelnia | Wirtualna Uczelnia | 9.8 | - | 2025-11-27
CVE-2025-64496 | Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events | open-webui | 7.3 | High | 2025-11-08
CVE-2025-61955 | F5OS vulnerability | F5OS - Appliance | 7.8 | High | 2025-10-15
CVE-2011-10033 | WordPress Plugin is-human <= v1.4.2 Eval Injection RCE | is-human WordPress Plugin | 9.8 (AI) | Critical (AI) | 2025-10-15
CVE-2025-48868 | Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive | horilla | 7.2 | High | 2025-09-24
CVE-2025-55728 | XWiki Remote Macros vulnerable to remote code execution using the panel macro | xwiki-pro-macros | 10.0 | Critical | 2025-09-09

Vulnerabilities classified as CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')) represent 106 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.