CVE-2026-35582 - Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix
CVE ID :CVE-2026-35582 Published : April 18, 2026, 2:16 a.m. | 25 minutes ago Description :Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/s
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] GHSA-9J88-VVJ5-VHGR: GHSA-9j88-vvj5-vhgr: STARTTLS Response Injection and SASL Downgrade in MailKit
- [CYBER] Apple account change alerts abused to send phishing emails
- [CYBER] Vercel Says Internal Systems Hit in Breach
- [CYBER] Vercel Says Internal Systems Hit in Breach
- [CYBER] Three Vulnerabilities That Quietly Rewrote the Threat Model in 2025
- [CYBER] Found and reported a Second-Order SQL Injection in mailcow (CVE-2026-40871) – High severity