PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-33414 containers CVE debrief

CVE-2026-33414 is a command injection vulnerability in the HyperV machine backend of Podman, a tool for managing OCI containers and pods. The vulnerability exists in versions 4.8.0 through 5.8.1 and is caused by the insertion of a VM image path into a PowerShell double-quoted string without sanitization, allowing $() subexpression injection. This vulnerability allows an attacker to execute arbitrary PowerShell commands with the privileges of the Podman process. On typical Windows installations, this means SYSTEM-level code execution. The issue has been patched in version 5.8.2. Users should update to the latest version to mitigate this vulnerability.

Vendor
containers
Product
podman
CVSS
MEDIUM 4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-14
Original CVE updated
2026-06-30
Advisory published
2026-04-14
Advisory updated
2026-06-30

Who should care

Users of Podman versions 4.8.0 through 5.8.1, especially those using the HyperV machine backend on Windows installations, should be aware of this vulnerability. System administrators and security teams responsible for managing containerized environments should prioritize updating to version 5.8.2 or later to prevent potential exploitation.

Technical summary

The vulnerability is located in the HyperV machine backend in pkg/machine/hyperv/stubber.go. The VM image path is inserted into a PowerShell double-quoted string without proper sanitization, allowing for $() subexpression injection. This enables an attacker to execute arbitrary PowerShell commands with the privileges of the Podman process. The vulnerability is exclusive to the HyperV backend and only affects Windows installations. The CVSS score for this vulnerability is 4, indicating a medium severity level.

Defensive priority

Medium priority should be given to updating Podman to version 5.8.2 or later. System administrators should ensure that all affected systems are updated as soon as possible to prevent potential exploitation.

Recommended defensive actions

  • Update Podman to version 5.8.2 or later
  • Review and restrict VM image paths to prevent arbitrary input
  • Monitor Podman logs for suspicious activity
  • Implement additional security measures to detect and prevent exploitation attempts
  • Conduct regular vulnerability assessments to identify potential weaknesses

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, its impact, and the affected versions. The source item URL provides additional context and references related to the vulnerability. The patch references indicate that the issue has been addressed in version 5.8.2.

Official resources

This article is AI-assisted and based on the supplied source corpus.