Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-p8bm-y8vw-p3fq

Summary Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript: URIs, enabling stored cross-site scripting (XSS) against other authenticated users viewing the Emissary web interface. This vulnerability is fixed in 8.39.0.

Aliases

alias	CVE-2026-35571

alias	GHSA-cpm7-cfpx-3hvp

Fixed_packages

url pkg:maven/gov.nsa.emissary/emissary@8.39.0

purl pkg:maven/gov.nsa.emissary/emissary@8.39.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bqjm-25c2-yfh2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.39.0

Affected_packages

url pkg:maven/gov.nsa.emissary/emissary@8.0.0

purl pkg:maven/gov.nsa.emissary/emissary@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.0.0

url pkg:maven/gov.nsa.emissary/emissary@8.1.0

purl pkg:maven/gov.nsa.emissary/emissary@8.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.1.0

url pkg:maven/gov.nsa.emissary/emissary@8.2.0

purl pkg:maven/gov.nsa.emissary/emissary@8.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.2.0

url pkg:maven/gov.nsa.emissary/emissary@8.3.0

purl pkg:maven/gov.nsa.emissary/emissary@8.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.3.0

url pkg:maven/gov.nsa.emissary/emissary@8.4.0

purl pkg:maven/gov.nsa.emissary/emissary@8.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.4.0

url pkg:maven/gov.nsa.emissary/emissary@8.5.0

purl pkg:maven/gov.nsa.emissary/emissary@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.5.0

url pkg:maven/gov.nsa.emissary/emissary@8.6.0

purl pkg:maven/gov.nsa.emissary/emissary@8.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.6.0

url pkg:maven/gov.nsa.emissary/emissary@8.7.0

purl pkg:maven/gov.nsa.emissary/emissary@8.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.7.0

url pkg:maven/gov.nsa.emissary/emissary@8.7.1

purl pkg:maven/gov.nsa.emissary/emissary@8.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.7.1

url pkg:maven/gov.nsa.emissary/emissary@8.8.0

purl pkg:maven/gov.nsa.emissary/emissary@8.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.8.0

url pkg:maven/gov.nsa.emissary/emissary@8.9.0

purl pkg:maven/gov.nsa.emissary/emissary@8.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.9.0

url pkg:maven/gov.nsa.emissary/emissary@8.10.0

purl pkg:maven/gov.nsa.emissary/emissary@8.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.10.0

url pkg:maven/gov.nsa.emissary/emissary@8.11.0

purl pkg:maven/gov.nsa.emissary/emissary@8.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.11.0

url pkg:maven/gov.nsa.emissary/emissary@8.11.1

purl pkg:maven/gov.nsa.emissary/emissary@8.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.11.1

url pkg:maven/gov.nsa.emissary/emissary@8.12.0

purl pkg:maven/gov.nsa.emissary/emissary@8.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.12.0

url pkg:maven/gov.nsa.emissary/emissary@8.13.0

purl pkg:maven/gov.nsa.emissary/emissary@8.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.13.0

url pkg:maven/gov.nsa.emissary/emissary@8.14.0

purl pkg:maven/gov.nsa.emissary/emissary@8.14.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.14.0

url pkg:maven/gov.nsa.emissary/emissary@8.15.0

purl pkg:maven/gov.nsa.emissary/emissary@8.15.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.15.0

url pkg:maven/gov.nsa.emissary/emissary@8.16.0

purl pkg:maven/gov.nsa.emissary/emissary@8.16.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.16.0

url pkg:maven/gov.nsa.emissary/emissary@8.17.0

purl pkg:maven/gov.nsa.emissary/emissary@8.17.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.17.0

url pkg:maven/gov.nsa.emissary/emissary@8.18.0

purl pkg:maven/gov.nsa.emissary/emissary@8.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.18.0

url pkg:maven/gov.nsa.emissary/emissary@8.19.0

purl pkg:maven/gov.nsa.emissary/emissary@8.19.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.19.0

url pkg:maven/gov.nsa.emissary/emissary@8.19.1

purl pkg:maven/gov.nsa.emissary/emissary@8.19.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.19.1

url pkg:maven/gov.nsa.emissary/emissary@8.20.0

purl pkg:maven/gov.nsa.emissary/emissary@8.20.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.20.0

url pkg:maven/gov.nsa.emissary/emissary@8.21.0

purl pkg:maven/gov.nsa.emissary/emissary@8.21.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.21.0

url pkg:maven/gov.nsa.emissary/emissary@8.22.0

purl pkg:maven/gov.nsa.emissary/emissary@8.22.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.22.0

url pkg:maven/gov.nsa.emissary/emissary@8.23.0

purl pkg:maven/gov.nsa.emissary/emissary@8.23.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-a4aa-6rdw-7ua2

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.23.0

url pkg:maven/gov.nsa.emissary/emissary@8.24.0

purl pkg:maven/gov.nsa.emissary/emissary@8.24.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.24.0

url pkg:maven/gov.nsa.emissary/emissary@8.25.0

purl pkg:maven/gov.nsa.emissary/emissary@8.25.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.25.0

url pkg:maven/gov.nsa.emissary/emissary@8.26.0

purl pkg:maven/gov.nsa.emissary/emissary@8.26.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.26.0

url pkg:maven/gov.nsa.emissary/emissary@8.27.0

purl pkg:maven/gov.nsa.emissary/emissary@8.27.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.27.0

url pkg:maven/gov.nsa.emissary/emissary@8.28.0

purl pkg:maven/gov.nsa.emissary/emissary@8.28.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.28.0

url pkg:maven/gov.nsa.emissary/emissary@8.29.0

purl pkg:maven/gov.nsa.emissary/emissary@8.29.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.29.0

url pkg:maven/gov.nsa.emissary/emissary@8.30.0

purl pkg:maven/gov.nsa.emissary/emissary@8.30.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.30.0

url pkg:maven/gov.nsa.emissary/emissary@8.31.0

purl pkg:maven/gov.nsa.emissary/emissary@8.31.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.31.0

url pkg:maven/gov.nsa.emissary/emissary@8.32.0

purl pkg:maven/gov.nsa.emissary/emissary@8.32.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.32.0

url pkg:maven/gov.nsa.emissary/emissary@8.33.0

purl pkg:maven/gov.nsa.emissary/emissary@8.33.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.33.0

url pkg:maven/gov.nsa.emissary/emissary@8.34.0

purl pkg:maven/gov.nsa.emissary/emissary@8.34.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.34.0

url pkg:maven/gov.nsa.emissary/emissary@8.35.0

purl pkg:maven/gov.nsa.emissary/emissary@8.35.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.35.0

url pkg:maven/gov.nsa.emissary/emissary@8.36.0

purl pkg:maven/gov.nsa.emissary/emissary@8.36.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.36.0

url pkg:maven/gov.nsa.emissary/emissary@8.37.0

purl pkg:maven/gov.nsa.emissary/emissary@8.37.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.37.0

url pkg:maven/gov.nsa.emissary/emissary@8.38.0

purl pkg:maven/gov.nsa.emissary/emissary@8.38.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p8s-nqex-vkfq

vulnerability	VCID-bqjm-25c2-yfh2

vulnerability	VCID-myhr-b7dm-cubr

vulnerability	VCID-p8bm-y8vw-p3fq

vulnerability	VCID-t3vu-9xvy-n3dt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gov.nsa.emissary/emissary@8.38.0

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-35571

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.15047
published_at	2026-06-12T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.15046
published_at	2026-06-13T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14927
published_at	2026-06-11T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17407
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-35571

reference_url

https://github.com/NationalSecurityAgency/emissary

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/NationalSecurityAgency/emissary

reference_url

https://github.com/NationalSecurityAgency/emissary/commit/e2078417464b9004620dde28dcbca2f73ea06c13

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/NationalSecurityAgency/emissary/commit/e2078417464b9004620dde28dcbca2f73ea06c13

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-35571

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-35571

reference_url

https://github.com/NationalSecurityAgency/emissary/pull/1293

reference_id

1293

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:56:55Z/

url

https://github.com/NationalSecurityAgency/emissary/pull/1293

reference_url

https://github.com/advisories/GHSA-cpm7-cfpx-3hvp

reference_id

GHSA-cpm7-cfpx-3hvp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cpm7-cfpx-3hvp

reference_url

https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-cpm7-cfpx-3hvp

reference_id

GHSA-cpm7-cfpx-3hvp

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:56:55Z/

url

https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-cpm7-cfpx-3hvp

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p8bm-y8vw-p3fq

Vulnerability Instance