Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionGitHub Advisory
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflow_dispatch inputs were interpolated directly into shell commands via ${{ }} expression syntax. An attacker with repository write access could inject arbitrary shell commands, leading to repository poisoning and supply chain compromise affecting all downstream users. This vulnerability is fixed in 8.39.0.
AnalysisAI
Shell command injection in Emissary workflow engine below version 8.39.0 allows high-privileged attackers with repository write access to execute arbitrary commands via GitHub Actions workflow_dispatch inputs. Attackers exploit unsanitized ${{ }} expression syntax in workflow files to inject malicious shell commands, enabling repository poisoning and supply chain attacks affecting downstream users. CVSS 9.1 (Critical) with Changed scope indicates potential to compromise beyond the vulnerable component. No public exploit code or CISA KEV listing identified at time of analysis, though exploitation requires only repository write access with low attack complexity.
Technical ContextAI
Emissary is a P2P-based data-driven workflow engine developed by the National Security Agency (NSA). This vulnerability (CWE-77: Command Injection) stems from unsafe interpolation of user-controlled workflow_dispatch inputs within GitHub Actions YAML workflow files. The GitHub Actions ${{ }} expression syntax, when used to embed workflow inputs directly into shell commands without proper sanitization, creates injection points. An attacker with repository write permissions can craft malicious workflow_dispatch trigger payloads containing shell metacharacters or command sequences that execute during workflow runs. The Changed scope (S:C) in the CVSS vector indicates the vulnerability can affect resources beyond the GitHub Actions runner context, potentially compromising the CI/CD pipeline, build artifacts, or downstream systems that consume Emissary releases.
RemediationAI
Upgrade immediately to Emissary version 8.39.0 or later, which contains fixes for the shell injection vulnerability. The remediation was implemented through GitHub pull requests #1286 and #1288 available at https://github.com/NationalSecurityAgency/emissary/pull/1286 and https://github.com/NationalSecurityAgency/emissary/pull/1288. Organizations should audit all GitHub Actions workflow files for unsafe interpolation of workflow_dispatch inputs using ${{ }} syntax in shell commands and replace with properly sanitized alternatives or environment variable passing mechanisms. As an interim mitigation for environments unable to upgrade immediately, restrict repository write access to only essential trusted personnel, implement mandatory code review for all workflow file changes, and consider disabling workflow_dispatch triggers if not operationally required. Verify that no malicious commits were introduced to the repository prior to patching, as attackers with historical write access could have already poisoned the codebase.
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allVendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19728
GHSA-3g6g-gq4r-xjm9