CVE-2026-35582: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in NationalSecurityAgency emissary
CVE-2026-35582 is an OS command injection vulnerability in NationalSecurityAgency's Emissary workflow engine versions 8. 42. 0 and below. The vulnerability arises because the Executrix. getCommand() method interpolates temporary file paths into a shell command without escaping or validating certain configuration inputs (IN_FILE_ENDING and OUT_FILE_ENDING). This allows a user with permission to modify . cfg files (place authors) to inject arbitrary shell commands executed in the JVM process context. The vulnerability does not require network access or elevated privileges beyond place configuration authorship. This issue is fixed in version 8. 43.
AI Analysis
Technical Summary
Emissary versions prior to 8.43.0 contain an OS command injection vulnerability in the Executrix.getCommand() method. The method constructs a /bin/sh -c command string by embedding temporary file paths derived from configuration keys IN_FILE_ENDING and OUT_FILE_ENDING without escaping or input validation. While placeName is sanitized via an allowlist, these file ending values are not, enabling injection of shell metacharacters. Exploitation requires only the ability to write or modify a .cfg file as a place author, with no additional privileges or network access. This flaw allows arbitrary OS command execution in the JVM process security context. The vulnerability is resolved in Emissary version 8.43.0.
Potential Impact
Successful exploitation allows an attacker with place configuration author permissions to execute arbitrary OS commands within the JVM process context, potentially leading to full compromise of the affected system. The vulnerability impacts confidentiality, integrity, and availability, as reflected by the CVSS score of 8.8 (high severity). No network or API access is required, but the attacker must have write access to place configuration files.
Mitigation Recommendations
This vulnerability is fixed in Emissary version 8.43.0. Users should upgrade to version 8.43.0 or later to remediate this issue. There is no safe workaround or mitigation available for affected versions, as the framework does not provide escaping or input validation for the vulnerable configuration keys. Until upgraded, restrict place configuration file write permissions to trusted users only.
CVE-2026-35582: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in NationalSecurityAgency emissary
Description
CVE-2026-35582 is an OS command injection vulnerability in NationalSecurityAgency's Emissary workflow engine versions 8. 42. 0 and below. The vulnerability arises because the Executrix. getCommand() method interpolates temporary file paths into a shell command without escaping or validating certain configuration inputs (IN_FILE_ENDING and OUT_FILE_ENDING). This allows a user with permission to modify . cfg files (place authors) to inject arbitrary shell commands executed in the JVM process context. The vulnerability does not require network access or elevated privileges beyond place configuration authorship. This issue is fixed in version 8. 43.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Emissary versions prior to 8.43.0 contain an OS command injection vulnerability in the Executrix.getCommand() method. The method constructs a /bin/sh -c command string by embedding temporary file paths derived from configuration keys IN_FILE_ENDING and OUT_FILE_ENDING without escaping or input validation. While placeName is sanitized via an allowlist, these file ending values are not, enabling injection of shell metacharacters. Exploitation requires only the ability to write or modify a .cfg file as a place author, with no additional privileges or network access. This flaw allows arbitrary OS command execution in the JVM process security context. The vulnerability is resolved in Emissary version 8.43.0.
Potential Impact
Successful exploitation allows an attacker with place configuration author permissions to execute arbitrary OS commands within the JVM process context, potentially leading to full compromise of the affected system. The vulnerability impacts confidentiality, integrity, and availability, as reflected by the CVSS score of 8.8 (high severity). No network or API access is required, but the attacker must have write access to place configuration files.
Mitigation Recommendations
This vulnerability is fixed in Emissary version 8.43.0. Users should upgrade to version 8.43.0 or later to remediate this issue. There is no safe workaround or mitigation available for affected versions, as the framework does not provide escaping or input validation for the vulnerable configuration keys. Until upgraded, restrict place configuration file write permissions to trusted users only.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-03T20:09:02.827Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e2e080bdfbbecc59c723a7
Added to database: 4/18/2026, 1:38:08 AM
Last enriched: 4/18/2026, 1:53:10 AM
Last updated: 4/18/2026, 3:44:50 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.