CVE-2026-35571 Emissary has Stored XSS via Navigation Template Link Injection

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript:...

CVE-2025-27508 Emissary Use of a Broken or Risky Cryptographic Algorithm

Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases e.g., SHA-1, CRC32, and SSDEEP. These algorithms, while...

CVE-2025-27508 Emissary Use of a Broken or Risky Cryptographic Algorithm

Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases e.g., SHA-1, CRC32, and SSDEEP. These algorithms, while...

CVE-2024-49766 vulnerabilities

Vulnerabilities for packages: airflow-core, superset, emissary, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, mlflow, kubeflow-pipelines-visualization-server, py3-werkzeug...

Emissary Code Execution Vulnerability

Emissary is a software application. A P2P-based data-driven workflow engine that runs on heterogeneous and potentially widely distributed multi-tier P2P network computing resources. A code execution vulnerability in Emissary version 6.4.0, which originates from an unsafe deserialization of an...

Emissary has an unspecified vulnerability

Emissary is a software application. A P2P-based data-driven workflow engine that runs on heterogeneous and potentially widely distributed multi-tier P2P network computing resources. A security vulnerability exists in Emissary 5.9.0, which can be exploited by an attacker to upload arbitrary files...

Emissary Information Disclosure Vulnerability

Emissary is a software application. A P2P-based data-driven workflow engine that runs across heterogeneous and potentially widely distributed multi-tier P2P network computing resources. An information disclosure vulnerability exists in Emissary version 5.9.0, which can be exploited by an attacker...

Emissary Cross-Site Scripting Vulnerability

Emissary is a software application. A P2P-based data-driven workflow engine that runs on heterogeneous and potentially widely distributed multi-tier P2P network computing resources. A cross-site scripting vulnerability exists in Emissary version 5.9.0, which can be exploited by an attacker to...