Skip to main content

Emissary CVE-2021-32094

HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2021-05-07 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 07, 2021 - 04:15 nvd
HIGH 8.8

DescriptionNVD

U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files.

AnalysisAI

U.S. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files. Affected products include: Nsa Emissary.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.

CVE-2021-32639 CRITICAL POC
9.9 Jul 02

Emissary is a P2P-based, data-driven workflow engine. Rated critical severity (CVSS 9.9), this vulnerability is remotely

CVE-2021-32647 CRITICAL POC
9.1 Jun 01

Emissary is a P2P based data-driven workflow engine. Rated critical severity (CVSS 9.1), this vulnerability is remotely

CVE-2021-32096 HIGH POC
8.8 May 07

The ConsoleAction component of U.S. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authe

CVE-2021-32093 MEDIUM POC
6.5 May 07

The ConfigFileAction component of U.S. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low

CVE-2021-32092 MEDIUM POC
6.1 May 07

A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. Rated medium severity (CVSS 6.1), thi

CVE-2021-32095 HIGH
8.1 May 07

U.S. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch

CVE-2026-35581 HIGH
7.2 Apr 07

Command injection in NSA Emissary P2P workflow engine (versions prior to 8.39.0) allows authenticated remote administrat

CVE-2021-32634 HIGH
7.2 May 21

Emissary is a distributed, peer-to-peer, data-driven workflow framework. Rated high severity (CVSS 7.2), this vulnerabil

CVE-2026-35583 MEDIUM
5.3 Apr 07

Emissary versions prior to 8.39.0 allow unauthenticated remote attackers to read arbitrary configuration files through p

CVE-2026-35571 MEDIUM
4.8 Apr 07

Stored cross-site scripting in Emissary prior to 8.39.0 allows authenticated administrators to inject malicious javascri

Share

CVE-2021-32094 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy