RCE in Containers Podman

CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerS…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.000 (3.9th percentile) — read the EPSS interpretation.

Affected products

Containers Podman — versions >= 4.8.0, < 5.8.2

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

https://github.com/containers/podman/security/advisories/GHSA-hc8w-h2mf-hp59 (x_refsource_CONFIRM)
https://github.com/containers/podman/commit/571c842bd357ee626019ea97d030fb772fc654ed (x_refsource_MISC)