CVE-2026-33414: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in containers podman
A command injection vulnerability (CWE-78) exists in Podman versions 4. 8. 0 through 5. 8. 1 within the HyperV machine backend on Windows. The vulnerability arises because the VM image path is inserted into a PowerShell double-quoted string without proper sanitization, enabling subexpression injection. An attacker controlling the VM image path can execute arbitrary PowerShell commands with the privileges of the Podman process, which on Windows typically means SYSTEM-level code execution. This issue affects only Windows systems using the HyperV backend and has been fixed in Podman version 5. 8. 2.
AI Analysis
Technical Summary
Podman, a container and pod management tool, contains a command injection vulnerability in its HyperV machine backend code (pkg/machine/hyperv/stubber.go) in versions 4.8.0 through 5.8.1. The vulnerability occurs because the VM image path is embedded unsanitized inside a PowerShell double-quoted string, allowing an attacker to inject and execute arbitrary PowerShell subexpressions. This leads to arbitrary code execution with Podman process privileges, which on Windows typically equates to SYSTEM-level access. The vulnerability is exclusive to Windows due to the HyperV backend dependency. The issue has been patched in version 5.8.2.
Potential Impact
An attacker who can control the VM image path can execute arbitrary PowerShell commands with the privileges of the Podman process. On typical Windows installations, this results in SYSTEM-level code execution, representing a significant security risk. The vulnerability is limited to Windows systems using the HyperV backend and does not affect other platforms or Podman versions outside the specified range.
Mitigation Recommendations
This vulnerability has been patched in Podman version 5.8.2. Users should upgrade to version 5.8.2 or later to remediate this issue. There is no indication that other mitigations or workarounds are available or necessary.
CVE-2026-33414: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in containers podman
Description
A command injection vulnerability (CWE-78) exists in Podman versions 4. 8. 0 through 5. 8. 1 within the HyperV machine backend on Windows. The vulnerability arises because the VM image path is inserted into a PowerShell double-quoted string without proper sanitization, enabling subexpression injection. An attacker controlling the VM image path can execute arbitrary PowerShell commands with the privileges of the Podman process, which on Windows typically means SYSTEM-level code execution. This issue affects only Windows systems using the HyperV backend and has been fixed in Podman version 5. 8. 2.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Podman, a container and pod management tool, contains a command injection vulnerability in its HyperV machine backend code (pkg/machine/hyperv/stubber.go) in versions 4.8.0 through 5.8.1. The vulnerability occurs because the VM image path is embedded unsanitized inside a PowerShell double-quoted string, allowing an attacker to inject and execute arbitrary PowerShell subexpressions. This leads to arbitrary code execution with Podman process privileges, which on Windows typically equates to SYSTEM-level access. The vulnerability is exclusive to Windows due to the HyperV backend dependency. The issue has been patched in version 5.8.2.
Potential Impact
An attacker who can control the VM image path can execute arbitrary PowerShell commands with the privileges of the Podman process. On typical Windows installations, this results in SYSTEM-level code execution, representing a significant security risk. The vulnerability is limited to Windows systems using the HyperV backend and does not affect other platforms or Podman versions outside the specified range.
Mitigation Recommendations
This vulnerability has been patched in Podman version 5.8.2. Users should upgrade to version 5.8.2 or later to remediate this issue. There is no indication that other mitigations or workarounds are available or necessary.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-19T17:02:34.171Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69dec76b82d89c981f15e825
Added to database: 4/14/2026, 11:02:03 PM
Last enriched: 4/14/2026, 11:17:00 PM
Last updated: 4/15/2026, 12:15:06 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.