CVE-2026-35582

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The INFILEENDING and...

EUVD-2026-23628

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The INFILEENDING and...

CVE-2026-35582

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The INFILEENDING and...

CVE-2026-35582 Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The INFILEENDING and...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Executrix utility when configuration-derived values, such as PLACENAME, are concatenated into shell commands without sufficient sanitization. An attacker can achieve arbitrary command execution by supplying...

Emissary 命令注入漏洞

Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary prior to 8.39.0 contained a command injection vulnerability. This vulnerability stemmed from shell injection points in the GitHub Actions workflow files. User-controlled...

Emissary 跨站脚本漏洞

Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary prior to 8.39.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Mustache navigation template directly inserting configured link values...

CVE-2021-32634

Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the WorkSpaceClientEnqueue.action REST endpoint. This issue may lead to post-auth Remote Code Execution. This issue has been patched in...

Emissary 加密问题漏洞

Emissary is a distributed P2P data-driven workflow framework open-sourced by the National Security Agency. An encryption issue vulnerability exists in versions of Emissary prior to 8.24.0 that stems from the use of insecure encryption algorithms resulting in a security risk...