CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-35571

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript: URIs, enabling stored cross-site scripting (XSS) against other authenticated users viewing the Emissary web interface. This vulnerability is fixed in 8.39.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.2%

CVSS Severity

CVSS v3 Score 4.8

References

Products affected by CVE-2026-35571

Nsa » Emissary » Version: 5.0.0

cpe:2.3:a:nsa:emissary:5.0.0
Nsa » Emissary » Version: 5.1.0

cpe:2.3:a:nsa:emissary:5.1.0
Nsa » Emissary » Version: 5.10.0

cpe:2.3:a:nsa:emissary:5.10.0
Nsa » Emissary » Version: 5.11.0

cpe:2.3:a:nsa:emissary:5.11.0
Nsa » Emissary » Version: 5.2.0

cpe:2.3:a:nsa:emissary:5.2.0
Nsa » Emissary » Version: 5.3.0

cpe:2.3:a:nsa:emissary:5.3.0
Nsa » Emissary » Version: 5.4.1

cpe:2.3:a:nsa:emissary:5.4.1
Nsa » Emissary » Version: 5.5.0

cpe:2.3:a:nsa:emissary:5.5.0
Nsa » Emissary » Version: 5.6.0

cpe:2.3:a:nsa:emissary:5.6.0
Nsa » Emissary » Version: 5.7.0

cpe:2.3:a:nsa:emissary:5.7.0
Nsa » Emissary » Version: 5.8.0

cpe:2.3:a:nsa:emissary:5.8.0
Nsa » Emissary » Version: 5.9.0

cpe:2.3:a:nsa:emissary:5.9.0
Nsa » Emissary » Version: 6.0.0

cpe:2.3:a:nsa:emissary:6.0.0
Nsa » Emissary » Version: 6.1.0

cpe:2.3:a:nsa:emissary:6.1.0
Nsa » Emissary » Version: 6.2.0

cpe:2.3:a:nsa:emissary:6.2.0
Nsa » Emissary » Version: 6.3.0

cpe:2.3:a:nsa:emissary:6.3.0
Nsa » Emissary » Version: 6.4.0

cpe:2.3:a:nsa:emissary:6.4.0
Nsa » Emissary » Version: 6.5.0

cpe:2.3:a:nsa:emissary:6.5.0
Nsa » Emissary » Version: 6.6.0

cpe:2.3:a:nsa:emissary:6.6.0
Nsa » Emissary » Version: 7.0.0

cpe:2.3:a:nsa:emissary:7.0.0
Nsa » Emissary » Version: 7.1.0

cpe:2.3:a:nsa:emissary:7.1.0
Nsa » Emissary » Version: 7.10.0

cpe:2.3:a:nsa:emissary:7.10.0
Nsa » Emissary » Version: 7.11.0

cpe:2.3:a:nsa:emissary:7.11.0
Nsa » Emissary » Version: 7.12.0

cpe:2.3:a:nsa:emissary:7.12.0
Nsa » Emissary » Version: 7.13.0

cpe:2.3:a:nsa:emissary:7.13.0
Nsa » Emissary » Version: 7.14.0

cpe:2.3:a:nsa:emissary:7.14.0
Nsa » Emissary » Version: 7.15.0

cpe:2.3:a:nsa:emissary:7.15.0
Nsa » Emissary » Version: 7.16.0

cpe:2.3:a:nsa:emissary:7.16.0
Nsa » Emissary » Version: 7.17.0

cpe:2.3:a:nsa:emissary:7.17.0
Nsa » Emissary » Version: 7.17.1

cpe:2.3:a:nsa:emissary:7.17.1
Nsa » Emissary » Version: 7.18.0

cpe:2.3:a:nsa:emissary:7.18.0
Nsa » Emissary » Version: 7.19.0

cpe:2.3:a:nsa:emissary:7.19.0
Nsa » Emissary » Version: 7.19.1

cpe:2.3:a:nsa:emissary:7.19.1
Nsa » Emissary » Version: 7.2.0

cpe:2.3:a:nsa:emissary:7.2.0
Nsa » Emissary » Version: 7.3.0

cpe:2.3:a:nsa:emissary:7.3.0
Nsa » Emissary » Version: 7.4.0

cpe:2.3:a:nsa:emissary:7.4.0
Nsa » Emissary » Version: 7.5.0

cpe:2.3:a:nsa:emissary:7.5.0
Nsa » Emissary » Version: 7.6.0

cpe:2.3:a:nsa:emissary:7.6.0
Nsa » Emissary » Version: 7.7.0

cpe:2.3:a:nsa:emissary:7.7.0
Nsa » Emissary » Version: 7.8.0

cpe:2.3:a:nsa:emissary:7.8.0
Nsa » Emissary » Version: 7.9.0

cpe:2.3:a:nsa:emissary:7.9.0
Nsa » Emissary » Version: 8.0.0

cpe:2.3:a:nsa:emissary:8.0.0
Nsa » Emissary » Version: 8.1.0

cpe:2.3:a:nsa:emissary:8.1.0
Nsa » Emissary » Version: 8.10.0

cpe:2.3:a:nsa:emissary:8.10.0
Nsa » Emissary » Version: 8.11.0

cpe:2.3:a:nsa:emissary:8.11.0
Nsa » Emissary » Version: 8.11.1

cpe:2.3:a:nsa:emissary:8.11.1
Nsa » Emissary » Version: 8.12.0

cpe:2.3:a:nsa:emissary:8.12.0
Nsa » Emissary » Version: 8.13.0

cpe:2.3:a:nsa:emissary:8.13.0
Nsa » Emissary » Version: 8.14.0

cpe:2.3:a:nsa:emissary:8.14.0
Nsa » Emissary » Version: 8.15.0

cpe:2.3:a:nsa:emissary:8.15.0
Nsa » Emissary » Version: 8.16.0

cpe:2.3:a:nsa:emissary:8.16.0
Nsa » Emissary » Version: 8.17.0

cpe:2.3:a:nsa:emissary:8.17.0
Nsa » Emissary » Version: 8.18.0

cpe:2.3:a:nsa:emissary:8.18.0
Nsa » Emissary » Version: 8.19.0

cpe:2.3:a:nsa:emissary:8.19.0
Nsa » Emissary » Version: 8.19.1

cpe:2.3:a:nsa:emissary:8.19.1
Nsa » Emissary » Version: 8.2.0

cpe:2.3:a:nsa:emissary:8.2.0
Nsa » Emissary » Version: 8.20.0

cpe:2.3:a:nsa:emissary:8.20.0
Nsa » Emissary » Version: 8.21.0

cpe:2.3:a:nsa:emissary:8.21.0
Nsa » Emissary » Version: 8.22.0

cpe:2.3:a:nsa:emissary:8.22.0
Nsa » Emissary » Version: 8.23.0

cpe:2.3:a:nsa:emissary:8.23.0
Nsa » Emissary » Version: 8.24.0

cpe:2.3:a:nsa:emissary:8.24.0
Nsa » Emissary » Version: 8.25.0

cpe:2.3:a:nsa:emissary:8.25.0
Nsa » Emissary » Version: 8.26.0

cpe:2.3:a:nsa:emissary:8.26.0
Nsa » Emissary » Version: 8.27.0

cpe:2.3:a:nsa:emissary:8.27.0
Nsa » Emissary » Version: 8.28.0

cpe:2.3:a:nsa:emissary:8.28.0
Nsa » Emissary » Version: 8.29.0

cpe:2.3:a:nsa:emissary:8.29.0
Nsa » Emissary » Version: 8.3.0

cpe:2.3:a:nsa:emissary:8.3.0
Nsa » Emissary » Version: 8.30.0

cpe:2.3:a:nsa:emissary:8.30.0
Nsa » Emissary » Version: 8.31.0

cpe:2.3:a:nsa:emissary:8.31.0
Nsa » Emissary » Version: 8.32.0

cpe:2.3:a:nsa:emissary:8.32.0
Nsa » Emissary » Version: 8.33.0

cpe:2.3:a:nsa:emissary:8.33.0
Nsa » Emissary » Version: 8.34.0

cpe:2.3:a:nsa:emissary:8.34.0
Nsa » Emissary » Version: 8.35.0

cpe:2.3:a:nsa:emissary:8.35.0
Nsa » Emissary » Version: 8.36.0

cpe:2.3:a:nsa:emissary:8.36.0
Nsa » Emissary » Version: 8.37.0

cpe:2.3:a:nsa:emissary:8.37.0
Nsa » Emissary » Version: 8.38.0

cpe:2.3:a:nsa:emissary:8.38.0
Nsa » Emissary » Version: 8.4.0

cpe:2.3:a:nsa:emissary:8.4.0
Nsa » Emissary » Version: 8.5.0

cpe:2.3:a:nsa:emissary:8.5.0
Nsa » Emissary » Version: 8.6.0

cpe:2.3:a:nsa:emissary:8.6.0
Nsa » Emissary » Version: 8.7.0

cpe:2.3:a:nsa:emissary:8.7.0
Nsa » Emissary » Version: 8.7.1

cpe:2.3:a:nsa:emissary:8.7.1
Nsa » Emissary » Version: 8.8.0

cpe:2.3:a:nsa:emissary:8.8.0
Nsa » Emissary » Version: 8.9.0

cpe:2.3:a:nsa:emissary:8.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-35571

Products

Pricing

Contact Us