Variant weakness

Incomplete

CWE-553: Command Shell in Externally Accessible Directory

A possible shell file exists in /cgi-bin/ or other accessible directories. This is extremely dangerous and can be used by an attacker to execute commands on the web server.

Last updated May 1, 2026

1

Recorded CVEs

With this primary weakness

0

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

CWE-553 (Command Shell in Externally Accessible Directory) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

Real-world CVEs

1 recorded CVEs are caused by CWE-553 (Command Shell in Externally Accessible Directory). The highest-severity and most recent are shown first. 1 new CWE-553 CVE has been recorded so far in 2026.

CVE-2025-66620
Columbia Weather Systems MicroServer Command Shell in Externally Accessible Directory
High · CVSS 8.6
2026-01-07

Common consequences

What can happen when CWE-553 is exploited.

Execute Unauthorized Code or Commands

Affects: Confidentiality, Integrity, Availability

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Implementation

Operation

Applies to

Technologies

Web Based

Web Server

How to prevent it

Practical mitigations for CWE-553, grouped by where in the lifecycle they apply.

Installation

System Configuration

Remove any Shells accessible under the web root folder and children directories.

Attack patterns

CAPEC attack patterns that exploit this weakness.

CAPEC-650: Upload a Web Shell to a Web Server

Frequently asked questions

Common questions about CWE-553.

What is CWE-553?

A possible shell file exists in /cgi-bin/ or other accessible directories. This is extremely dangerous and can be used by an attacker to execute commands on the web server.

What CVEs are caused by CWE-553?

1 recorded CVEs are attributed to CWE-553, including CVE-2025-66620.

How do you prevent CWE-553?

Remove any Shells accessible under the web root folder and children directories.

What are the consequences of CWE-553?

Exploiting CWE-553 can lead to: Execute Unauthorized Code or Commands.

Is CWE-553 actively exploited?

1 recorded CVEs are caused by CWE-553; none are currently in CISA's KEV catalog of actively exploited flaws.

References

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.

Stay ahead of CWE-553

Get alerted the moment a new CWE-553 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.

Start free See pricing

Applies to

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Related weaknesses

Parent

Attack patterns

Frequently asked questions

What is CWE-553?

What CVEs are caused by CWE-553?

How do you prevent CWE-553?

What are the consequences of CWE-553?

Is CWE-553 actively exploited?

References

Stay ahead of CWE-553