Every CVE whose affected-product data names Nsa Emissary, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2026-35580 — CVSS 9.1 (critical): Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where…
CVE-2021-32094 — CVSS 8.8 (high): U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files.
CVE-2026-35582 — CVSS 8.8 (high): Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command…
CVE-2021-32096 — CVSS 8.8 (high): The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary…
CVE-2021-32095 — CVSS 8.1 (high): U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files.
CVE-2021-32647 — CVSS 8.0 (high): Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code…
CVE-2021-32634 — CVSS 7.2 (high): Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of…
CVE-2026-35581 — CVSS 7.2 (high): Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by…
CVE-2021-32639 — CVSS 7.2 (high): Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In…
CVE-2021-32093 — CVSS 6.5 (medium): The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files…
CVE-2021-32092 — CVSS 6.1 (medium): A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows…
CVE-2026-35583 — CVSS 5.3 (medium): Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint (/api/configuration/{name}) validated…
CVE-2026-35571 — CVSS 4.8 (medium): Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled…