Vulnerability Details CVE-2026-35581

Emissary is a P2P-based, data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values, including the PLACE_NAME parameter, with insufficient sanitization. Only spaces were replaced with underscores, so shell metacharacters (;, |, $, `, (, ), etc.) passed through unchanged into /bin/sh -c command execution. This vulnerability is fixed in 8.39.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.0%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2026-35581
  • Nsa » Emissary » Version: 5.0.0
    cpe:2.3:a:nsa:emissary:5.0.0
  • Nsa » Emissary » Version: 5.1.0
    cpe:2.3:a:nsa:emissary:5.1.0
  • Nsa » Emissary » Version: 5.10.0
    cpe:2.3:a:nsa:emissary:5.10.0
  • Nsa » Emissary » Version: 5.11.0
    cpe:2.3:a:nsa:emissary:5.11.0
  • Nsa » Emissary » Version: 5.2.0
    cpe:2.3:a:nsa:emissary:5.2.0
  • Nsa » Emissary » Version: 5.3.0
    cpe:2.3:a:nsa:emissary:5.3.0
  • Nsa » Emissary » Version: 5.4.1
    cpe:2.3:a:nsa:emissary:5.4.1
  • Nsa » Emissary » Version: 5.5.0
    cpe:2.3:a:nsa:emissary:5.5.0
  • Nsa » Emissary » Version: 5.6.0
    cpe:2.3:a:nsa:emissary:5.6.0
  • Nsa » Emissary » Version: 5.7.0
    cpe:2.3:a:nsa:emissary:5.7.0
  • Nsa » Emissary » Version: 5.8.0
    cpe:2.3:a:nsa:emissary:5.8.0
  • Nsa » Emissary » Version: 5.9.0
    cpe:2.3:a:nsa:emissary:5.9.0
  • Nsa » Emissary » Version: 6.0.0
    cpe:2.3:a:nsa:emissary:6.0.0
  • Nsa » Emissary » Version: 6.1.0
    cpe:2.3:a:nsa:emissary:6.1.0
  • Nsa » Emissary » Version: 6.2.0
    cpe:2.3:a:nsa:emissary:6.2.0
  • Nsa » Emissary » Version: 6.3.0
    cpe:2.3:a:nsa:emissary:6.3.0
  • Nsa » Emissary » Version: 6.4.0
    cpe:2.3:a:nsa:emissary:6.4.0
  • Nsa » Emissary » Version: 6.5.0
    cpe:2.3:a:nsa:emissary:6.5.0
  • Nsa » Emissary » Version: 6.6.0
    cpe:2.3:a:nsa:emissary:6.6.0