
Podman's HyperV Machine Allows Unrestricted PowerShell Commands

GHSA-hc8w-h2mf-hp59 · CVE-2026-33414
Summary

Podman's HyperV machine backend has a security flaw that allows an attacker to execute arbitrary PowerShell commands on the Windows host with elevated privileges. This affects Windows users who run Podman. To fix the issue, update to the latest version of Podman, which has been patched to prevent this vulnerability.

What to do
  • Update github.com/containers/podman/v4 to version 5.8.2.
  • Update github.com/containers/podman/v5 to version 5.8.2.
Affected software

| Ecosystem | Vendor     | Product                         | Affected versions  | Fix              |
|-----------|------------|---------------------------------|--------------------|------------------|
| go        | github.com | containers                      | >= 4.8.0, <= 4.9.5 | upgrade to 5.8.2 |
| go        | github.com | containers                      | <= 5.8.1           | upgrade to 5.8.2 |
| Go        | containers | github.com/containers/podman/v4 | >= 4.8.0, <= 4.9.5 | upgrade to 5.8.2 |
| Go        | containers | github.com/containers/podman/v5 | < 5.8.2            | upgrade to 5.8.2 |
Original title
PowerShell Command Injection in Podman HyperV Machine
Original description
## Summary

A command injection vulnerability exists in Podman's HyperV machine backend. The VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing `$()` subexpression injection.

## Affected Code

**File**: `pkg/machine/hyperv/stubber.go:647`

```go
// Vulnerable (pre-patch) excerpt: the image path is interpolated into a PowerShell
// double-quoted string, so a "$(...)" subexpression in the path is evaluated by
// PowerShell before Resize-VHD runs.
resize := exec.Command("powershell", []string{
	"-command",
	fmt.Sprintf("Resize-VHD \"%s\" %d", imagePath.GetPath(), newSize.ToBytes()),
}...)
```



## Root Cause

PowerShell evaluates `$()` subexpressions inside double-quoted strings before executing the outer command. The `fmt.Sprintf` call places the user-controlled image path directly into double quotes without escaping or sanitization.
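The following Go program is an added illustration, not Podman's code and not the content of the fix commit linked below. It places the advisory's pattern (path interpolated into a double-quoted PowerShell string) next to two hardened forms: a single-quoted literal, which PowerShell never expands, and a constant script that reads the path from environment variables so no caller-influenced text is ever parsed as PowerShell. The function names, the `PODMAN_IMAGE_PATH` / `PODMAN_NEW_SIZE` variable names and the sample path are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// vulnerableScript mirrors the pattern described in the advisory: the path is
// interpolated into a PowerShell double-quoted string, where "$(...)" is evaluated
// before Resize-VHD ever runs. Kept here only for comparison with the safe variants.
func vulnerableScript(imagePath string, sizeBytes uint64) string {
	return fmt.Sprintf("Resize-VHD \"%s\" %d", imagePath, sizeBytes)
}

// containsSubexpression is a simple detection check for the "$(" token; a machine
// name or image directory carrying it is worth rejecting and logging.
func containsSubexpression(s string) bool {
	return strings.Contains(s, "$(")
}

// psSingleQuote renders s as a PowerShell single-quoted literal. PowerShell performs
// no variable or subexpression expansion inside single quotes; the only character
// that needs escaping is the quote itself, which is doubled.
func psSingleQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", "''") + "'"
}

// hardenedScript is the same command with the path as a single-quoted literal.
// Control characters are rejected outright; they have no place in a VHD path.
func hardenedScript(imagePath string, sizeBytes uint64) (string, error) {
	if strings.ContainsAny(imagePath, "\x00\r\n") {
		return "", errors.New("image path contains control characters")
	}
	return fmt.Sprintf("Resize-VHD -Path %s -SizeBytes %d", psSingleQuote(imagePath), sizeBytes), nil
}

// hardenedCommand goes one step further: the script is a constant and the data
// travels out-of-band in environment variables (hypothetical names), so nothing
// caller-influenced is part of the text PowerShell parses.
func hardenedCommand(imagePath string, sizeBytes uint64) *exec.Cmd {
	const script = "Resize-VHD -Path $env:PODMAN_IMAGE_PATH -SizeBytes ([uint64]$env:PODMAN_NEW_SIZE)"
	cmd := exec.Command("powershell", "-NoProfile", "-NonInteractive", "-Command", script)
	cmd.Env = append(os.Environ(),
		"PODMAN_IMAGE_PATH="+imagePath,
		fmt.Sprintf("PODMAN_NEW_SIZE=%d", sizeBytes),
	)
	return cmd
}

func main() {
	// Constructed sample path carrying a subexpression token (not a real machine path).
	path := `C:\machines\$(Get-Date).vhdx`
	fmt.Println("vulnerable:      ", vulnerableScript(path, 1<<30))
	safe, _ := hardenedScript(path, 1<<30)
	fmt.Println("hardened:        ", safe)
	fmt.Println("suspicious input:", containsSubexpression(path))
	fmt.Println("constant script: ", hardenedCommand(path, 1<<30).Args[4])
}
```

The single-quoted form only addresses PowerShell's own string expansion; the argument is still parsed by the powershell.exe command line before it reaches the interpreter, which is why the environment-variable variant, where the script text never changes, is the more robust of the two. Running the program on a non-Windows host only builds the command objects and prints the strings; nothing is executed.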

## Impact

An attacker who can control the VM image path (through a crafted machine name or image directory) can execute arbitrary PowerShell commands with the privileges of the Podman process on the Windows host. On typical Windows installations, this means SYSTEM-level code execution.


## Patch

https://github.com/containers/podman/commit/571c842bd357ee626019ea97d030fb772fc654ed

The affected code is only used on Windows; other operating systems are not affected and can ignore this CVE patch.

## Credit

We would like to thank Sang-Hoon Choi (@KoreaSecurity) for reporting this issue to us.
CVSS 4.0 base score: 4.0 (source: GHSA)
Vulnerability type
CWE-78: OS Command Injection
Published: 14 Apr 2026 · Updated: 16 Apr 2026 · First seen: 14 Apr 2026