Owl opds 2.2.0.4: Malicious Network Requests Can Execute Commands

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.2

Owl opds 2.2.0.4: Malicious Network Requests Can Execute Commands

CVE-2026-2333

Summary

The Owl opds software does not properly filter network requests, allowing an attacker to inject malicious commands. This could allow an attacker to take control of the system. To protect your system, update to the latest version of Owl opds.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
owlcyberdefense	opds-talon	2.2.0.4	–
owlcyberdefense	opds-talon	2.2.0.4	–

Original title

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.

Original description

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.

nvd CVSS3.1 9.8

nvd CVSS4.0 9.2

Vulnerability type

CWE-77 Command Injection

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-2333 Broken Link

Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026