Emissary shell injection enables RCE (CVE-2026-35580)

Overview

A critical shell injection vulnerability, tracked as CVE-2026-35580, has been identified in the Emissary P2P data-driven workflow engine. Versions prior to 8.39.0 contain unsafe handling of user inputs within GitHub Actions workflow files, allowing authenticated attackers to execute arbitrary shell commands.

Vulnerability Details

In affected versions, Emissary’s GitHub Actions workflow files directly interpolated user-controlled workflow_dispatch inputs into shell commands using the ${{ }} expression syntax. This created a shell injection point where an attacker’s input was not sanitized or validated before being executed by the system. The flaw stems from insecure input handling in the workflow automation scripts.

Impact and Risks

The primary risk is repository poisoning and supply chain compromise. An attacker with write access to a repository could inject malicious commands that execute during workflow runs. This could lead to:

• Theft of sensitive secrets (like API keys or tokens) stored in the repository or runner environment.
• Modification of source code or build artifacts to insert backdoors or malware.
• Compromise of the continuous integration/continuous deployment (CI/CD) pipeline, affecting all downstream users and projects that depend on the poisoned repository. The high CVSS score of 9.1 reflects the severe consequences, though it requires the attacker to first obtain repository write access.

Remediation and Mitigation

The vendor has released a fix in version 8.39.0. All users must upgrade to this version immediately.

Immediate Actions:

1. Upgrade: Update Emissary to version 8.39.0 or later without delay.
2. Audit Access: Review and tighten repository write permissions. Adhere to the principle of least privilege, ensuring only necessary users and automation systems have write access.
3. Review Workflows: Examine existing workflow files for similar patterns of direct input interpolation into shell commands and refactor them to use safer methods, such as environment variables with proper escaping.

For organizations unable to patch immediately, strict control over repository contributor access is the primary mitigation. Monitor repository activities and workflow run logs for any suspicious command execution.

Security Insight

This vulnerability highlights the persistent risk of injection flaws in CI/CD and workflow automation systems, which have become high-value targets for supply chain attacks. It echoes the risks seen in incidents like the GlassWorm attack, where compromised automation credentials were used to inject malware. The presence of this flaw in a workflow engine underscores that security reviews must extend beyond application code to include the security of the automation scripts that build and deploy it.

Further Reading

• GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push…
• All Critical Vulnerabilities
• Recent Critical Vulnerabilities
• Top Critical CVEs