Nationalsecurityagency Emissary

9 CVEs affecting Nationalsecurityagency Emissary. Latest disclosed: 2026-04-18. Critical: 1, High: 6.

Top CVEs affecting Nationalsecurityagency Emissary
CVE	Severity	Score	Published	Summary
`CVE-2026-35580`	Critical	`9.1`	2026-04-07	Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled work…
`CVE-2026-35582`	High	`8.8`	2026-04-18	Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it int…
`CVE-2021-32647`	High	`8.0`	2021-05-28	Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The [`Cre…
`CVE-2025-27508`	High	`7.5`	2025-03-05	Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or default…
`CVE-2026-35581`	High	`7.2`	2026-04-07	Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-der…
`CVE-2021-32639`	High	`7.2`	2021-07-02	Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterP…
`CVE-2021-32634`	High	`7.2`	2021-05-21	Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests…
`CVE-2026-35583`	Medium	`5.3`	2026-04-07	Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint (/api/configuration/{name}) validated configuration names…
`CVE-2026-35571`	Medium	`4.8`	2026-04-07	Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly…