PatchSiren cyber security CVE debrief
CVE-2026-33414 containers CVE debrief
CVE-2026-33414 is a command injection vulnerability in the HyperV machine backend of Podman, a tool for managing OCI containers and pods. The vulnerability exists in versions 4.8.0 through 5.8.1 and is caused by the insertion of a VM image path into a PowerShell double-quoted string without sanitization, allowing $() subexpression injection. This vulnerability allows an attacker to execute arbitrary PowerShell commands with the privileges of the Podman process. On typical Windows installations, this means SYSTEM-level code execution. The issue has been patched in version 5.8.2. Users should update to the latest version to mitigate this vulnerability.
- Vendor
- containers
- Product
- podman
- CVSS
- MEDIUM 4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-14
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-04-14
- Advisory updated
- 2026-06-30
Who should care
Users of Podman versions 4.8.0 through 5.8.1, especially those using the HyperV machine backend on Windows installations, should be aware of this vulnerability. System administrators and security teams responsible for managing containerized environments should prioritize updating to version 5.8.2 or later to prevent potential exploitation.
Technical summary
The vulnerability is located in the HyperV machine backend in pkg/machine/hyperv/stubber.go. The VM image path is inserted into a PowerShell double-quoted string without proper sanitization, allowing for $() subexpression injection. This enables an attacker to execute arbitrary PowerShell commands with the privileges of the Podman process. The vulnerability is exclusive to the HyperV backend and only affects Windows installations. The CVSS score for this vulnerability is 4, indicating a medium severity level.
Defensive priority
Medium priority should be given to updating Podman to version 5.8.2 or later. System administrators should ensure that all affected systems are updated as soon as possible to prevent potential exploitation.
Recommended defensive actions
- Update Podman to version 5.8.2 or later
- Review and restrict VM image paths to prevent arbitrary input
- Monitor Podman logs for suspicious activity
- Implement additional security measures to detect and prevent exploitation attempts
- Conduct regular vulnerability assessments to identify potential weaknesses
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, its impact, and the affected versions. The source item URL provides additional context and references related to the vulnerability. The patch references indicate that the issue has been addressed in version 5.8.2.
Official resources
-
CVE-2026-33414 CVE record
CVE.org
-
CVE-2026-33414 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.