CVE-2026-33414 Overview
CVE-2026-33414 is a command injection vulnerability affecting Podman, a popular tool for managing OCI containers and pods. The vulnerability exists in the HyperV machine backend within pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without proper sanitization. This allows $() subexpression injection, enabling attackers to execute arbitrary PowerShell commands with the privileges of the Podman process.
Because PowerShell evaluates subexpressions inside double-quoted strings before executing the outer command, an attacker who can control the VM image path through a crafted machine name or image directory can achieve arbitrary code execution. On typical Windows installations, this results in SYSTEM-level code execution. This vulnerability exclusively affects Windows systems as the vulnerable code is specific to the HyperV backend.
Critical Impact
Attackers with local access and high privileges can achieve SYSTEM-level code execution on Windows systems through PowerShell command injection via crafted VM image paths.
Affected Products
- Podman versions 4.8.0 through 5.8.1
- Windows systems using the HyperV machine backend
- Podman HyperV backend component (pkg/machine/hyperv/stubber.go)
Discovery Timeline
- 2026-04-14 - CVE CVE-2026-33414 published to NVD
- 2026-04-14 - Last updated in NVD database
Technical Details for CVE-2026-33414
Vulnerability Analysis
This command injection vulnerability (CWE-78) exists due to improper input validation when constructing PowerShell commands in Podman's HyperV backend. The vulnerable code in pkg/machine/hyperv/stubber.go directly interpolates user-controllable file paths into a PowerShell command string using double quotes, without sanitizing for PowerShell's subexpression syntax.
PowerShell's string interpolation feature evaluates expressions within $() constructs when they appear inside double-quoted strings. This behavior allows an attacker who controls the VM image path to inject arbitrary PowerShell commands that execute before the intended Resize-VHD command runs. The attack requires local access and elevated privileges, but successful exploitation grants code execution with the privileges of the Podman process—typically SYSTEM on Windows.
Root Cause
The root cause is the direct insertion of unsanitized user input into a PowerShell double-quoted string context. The original code used fmt.Sprintf to construct a command string with the image path, failing to account for PowerShell's subexpression evaluation in double-quoted strings. This classic command injection pattern allows metacharacter injection when attackers can influence the file path through machine naming or image directory manipulation.
Attack Vector
The attack vector is local, requiring an attacker to have access to the target Windows system with sufficient privileges to create or manipulate Podman machine configurations. By crafting a malicious machine name or image directory path containing PowerShell subexpression syntax like $(malicious-command), the attacker can inject arbitrary PowerShell commands. When Podman executes HyperV operations such as disk resizing, the injected commands execute with the process privileges.
The following patch demonstrates how the vulnerability was addressed by using environment variables instead of direct string interpolation:
}
func resizeDisk(newSize strongunits.GiB, imagePath *define.VMFile) error {
- resize := exec.Command("powershell", []string{"-command", fmt.Sprintf("Resize-VHD \"%s\" %d", imagePath.GetPath(), newSize.ToBytes())}...)
+ resize := exec.Command("powershell", "-command", fmt.Sprintf("Resize-VHD \"$ENV:IMAGE_PATH\" %d", newSize.ToBytes()))
logrus.Debug(resize.Args)
resize.Stdout = os.Stdout
resize.Stderr = os.Stderr
+ resize.Env = append(os.Environ(), "IMAGE_PATH="+imagePath.GetPath())
if err := resize.Run(); err != nil {
return fmt.Errorf("resizing image: %q", err)
}
Source: GitHub Podman Commit Update
Detection Methods for CVE-2026-33414
Indicators of Compromise
- Unusual PowerShell process spawning from Podman executable with suspicious command-line arguments
- Machine names or image paths containing $() subexpression patterns
- Unexpected child processes under Podman with elevated privileges
- PowerShell execution logs showing commands inconsistent with normal Podman operations
Detection Strategies
- Monitor PowerShell command-line arguments for subexpression injection patterns containing $( constructs
- Implement file integrity monitoring on Podman machine configuration directories
- Enable PowerShell Script Block Logging and Module Logging to capture executed commands
- Use endpoint detection rules to alert on Podman spawning PowerShell with unusual parameters
Monitoring Recommendations
- Enable Windows Event Log forwarding for PowerShell events (Event IDs 4103, 4104)
- Configure SentinelOne policies to monitor for command injection patterns in PowerShell arguments
- Audit Podman machine configurations for suspicious naming conventions
- Implement file path validation logging for HyperV backend operations
How to Mitigate CVE-2026-33414
Immediate Actions Required
- Upgrade Podman to version 5.8.2 or later immediately on all Windows systems using HyperV backend
- Audit existing Podman machine names and image directories for suspicious path patterns
- Restrict local access to systems running Podman with HyperV backend
- Review PowerShell execution policies and enable constrained language mode where feasible
Patch Information
The vulnerability has been addressed in Podman version 5.8.2. The fix replaces direct string interpolation with environment variable usage, preventing PowerShell subexpression evaluation. The patched code passes the image path via the IMAGE_PATH environment variable and references it as $ENV:IMAGE_PATH in the PowerShell command, which does not trigger subexpression evaluation.
For detailed patch information, refer to the GitHub Podman Security Commit and the GitHub Security Advisory GHSA-hc8w-h2mf-hp59.
Workarounds
- Restrict Podman usage to non-HyperV backends where possible until patching is complete
- Implement strict input validation for machine names at the organizational policy level
- Use application control policies to restrict PowerShell execution from Podman processes
- Limit high-privilege access to systems running vulnerable Podman versions
# Verify current Podman version and upgrade
podman --version
# If version is between 4.8.0 and 5.8.1, upgrade immediately
# Windows: Use official Podman installer for version 5.8.2+
# Or via package manager if available
winget upgrade containers.podman
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
