{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35580", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-03T20:09:02.827Z", "datePublished": "2026-04-07T15:55:56.074Z", "dateUpdated": "2026-04-07T18:25:26.662Z"}, "containers": {"cna": {"title": "Emissary has GitHub Actions Shell Injection via Workflow Inputs", "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "lang": "en", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-3g6g-gq4r-xjm9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-3g6g-gq4r-xjm9"}, {"name": "https://github.com/NationalSecurityAgency/emissary/pull/1286", "tags": ["x_refsource_MISC"], "url": "https://github.com/NationalSecurityAgency/emissary/pull/1286"}, {"name": "https://github.com/NationalSecurityAgency/emissary/pull/1288", "tags": ["x_refsource_MISC"], "url": "https://github.com/NationalSecurityAgency/emissary/pull/1288"}], "affected": [{"vendor": "NationalSecurityAgency", "product": "emissary", "versions": [{"version": "< 8.39.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T15:55:56.074Z"}, "descriptions": [{"lang": "en", "value": "Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflow_dispatch inputs were interpolated directly into shell commands via ${{ }} expression syntax. An attacker with repository write access could inject arbitrary shell commands, leading to repository poisoning and supply chain compromise affecting all downstream users. This vulnerability is fixed in 8.39.0."}], "source": {"advisory": "GHSA-3g6g-gq4r-xjm9", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T18:25:08.739191Z", "id": "CVE-2026-35580", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T18:25:26.662Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflow_dispatch inputs were interpolated directly into shell commands via ${{ }} expression syntax. An attacker with repository write access could inject arbitrary shell commands, leading to repository poisoning and supply chain compromise affecting all downstream users. This vulnerability is fixed in 8.39.0."}], "id": "CVE-2026-35580", "lastModified": "2026-04-08T21:27:00.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-07T17:16:33.307", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/NationalSecurityAgency/emissary/pull/1286"}, {"source": "security-advisories@github.com", "url": "https://github.com/NationalSecurityAgency/emissary/pull/1288"}, {"source": "security-advisories@github.com", "url": "https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-3g6g-gq4r-xjm9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,8.39.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "emissary", "source": "cna", "vendor": "NationalSecurityAgency"}, "product": "emissary", "vendor": "nationalsecurityagency"}], "analysis": {"en": {"generated_at": "2026-04-07T22:09:23.069550+00:00", "value": {"mitigation_remediation": ["Upgrade Emissary to version 8.39.0 or later."], "summary": {"action": "Apply Patch", "impact": "Code Execution via Shell Injection"}, "threat_synthesis": {"affected_systems": "Emissary, a peer\u2011to\u2011peer data\u2011driven workflow engine, is affected on all releases prior to version 8.39.0. The vulnerability is present in the GitHub Actions workflow files that use the legacy shell command interpolation syntax.", "description_and_impact": "User\u2011controlled workflow_dispatch inputs are directly interpolated into shell commands within GitHub Actions workflow files, creating a shell injection point. An attacker capable of writing to the repository can inject arbitrary shell commands, leading to repository poisoning and a supply chain compromise that affects all downstream users. The weakness is a classic command injection attack and is listed as CWE\u201177.", "risk_and_exploitability": "The CVSS score of 9.1 indicates a critical severity. Although the EPSS score is not available, the vulnerability is not catalogued in the CISA KEV list. The likely attack vector requires repository write access, meaning developers or contributors who can push to the repository can trigger the injection. The impact is wide\u2011ranging, potentially enabling arbitrary code execution and compromising the integrity of the repository and downstream software that relies on it."}}}}, "created": "2026-04-08T19:37:03.246829+00:00", "updated": "2026-04-08T19:48:09.096289+00:00", "vendors": ["nationalsecurityagency", "nationalsecurityagency$PRODUCT$emissary"]}