Platform
python
Component
intake
Fixed in
2.0.10
CVE-2026-33310 describes a Command Injection vulnerability discovered in Intake's catalog parsing process. This flaw allows attackers to inject and execute arbitrary commands on the host system by crafting malicious catalog YAML files. The vulnerability impacts versions of Intake up to and including 2.0.9, but a fix is available in version 2.0.9.
The core of this vulnerability lies in the automatic expansion of shell() syntax within parameter default values during catalog parsing. An attacker can embed malicious commands within a catalog YAML file using shell(<command>). When a user loads this crafted YAML, the embedded command is executed on the host system. The potential impact is significant, ranging from data exfiltration and system compromise to complete host takeover. This vulnerability resembles other OS Command Injection flaws, where attackers can leverage system utilities and APIs to achieve unauthorized access and control. The blast radius extends to any system processing these malicious catalogs.
CVE-2026-33310 was publicly disclosed on 2026-03-19. The vulnerability's severity is considered HIGH (CVSS: 8.8). Currently, there are no publicly available proof-of-concept exploits. It is not listed on the CISA KEV catalog as of this writing. Active exploitation campaigns are not currently confirmed, but the ease of exploitation and the potential impact warrant careful monitoring.
Organizations utilizing Intake for data ingestion and catalog management are at risk, particularly those relying on user-supplied catalog sources. Environments with limited input validation or inadequate security controls on catalog processing are especially vulnerable. Shared hosting environments where multiple users can upload catalogs also present a heightened risk.
• python: Inspect Intake logs for unusual process executions or command line arguments related to catalog parsing. Use ps aux | grep intake to monitor running processes and look for unexpected commands.
• linux / server: Monitor system logs (e.g., /var/log/syslog, /var/log/auth.log) for suspicious command executions originating from the Intake process. Use auditd to track file access and system calls related to catalog parsing.
• generic web: Examine web server access logs for requests to catalog endpoints containing suspicious YAML content. Look for patterns indicative of shell command injection attempts.
Disclosure
Exploit status
EPSS
0.06% (18th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-33310 is to immediately upgrade to Intake version 2.0.9 or later. If upgrading is not immediately feasible, consider implementing stricter input validation on catalog YAML files to prevent the inclusion of shell() syntax. Employing a Web Application Firewall (WAF) with rules to detect and block requests containing suspicious shell commands within YAML payloads can provide an additional layer of defense. Thoroughly review and sanitize all catalog sources before processing them to minimize the risk of command execution. After upgrading, confirm the fix by attempting to load a test catalog containing a benign shell() command; it should not execute.
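The advisory attributes the flaw to shell() syntax being expanded in parameter default values at catalog-parse time, and the workaround above is to reject catalogs that carry that syntax before Intake ever sees them. The following is an added example written for this page, not Intake's own code and not an Intake API: it walks an already-parsed catalog (the `sources:` / `parameters:` / `default:` layout is assumed to match the catalog files in question; in practice the dict would come from `yaml.safe_load()`), reports every string that contains `shell(`, separately flags the parameter-default location the advisory names, and also offers a plain text scan for gating uploads without a YAML parser. The sample catalogs and YAML text are constructed and use `shell(echo test)` as the benign marker the mitigation paragraph recommends for post-upgrade verification.

```python
import re
from typing import Any, Iterator, List, Tuple

# The shell(...) expansion syntax named in the advisory. The match stops at the
# opening parenthesis on purpose: the payload is irrelevant, its presence is not.
SHELL_SYNTAX = re.compile(r"\bshell\s*\(")


def iter_strings(node: Any, path: Tuple[str, ...] = ()) -> Iterator[Tuple[Tuple[str, ...], str]]:
    """Yield (path, value) for every string leaf in a parsed catalog tree."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, path + (str(key),))
    elif isinstance(node, (list, tuple)):
        for index, value in enumerate(node):
            yield from iter_strings(value, path + (f"[{index}]",))


def find_shell_expansions(catalog: dict) -> List[str]:
    """Dotted paths of every string leaf containing shell( syntax.

    Parameter defaults are the location the advisory describes, but every
    string is reported so a value hidden in args or metadata is not missed.
    """
    return [".".join(path) for path, value in iter_strings(catalog) if SHELL_SYNTAX.search(value)]


def parameter_default_hits(catalog: dict) -> List[str]:
    """Subset of hits that sit in a parameter's `default` field (assumed layout)."""
    return [
        ".".join(path)
        for path, value in iter_strings(catalog)
        if "parameters" in path and path[-1] == "default" and SHELL_SYNTAX.search(value)
    ]


def is_safe_catalog(catalog: dict) -> bool:
    """Gate: True only when no shell( syntax appears anywhere in the catalog."""
    return not find_shell_expansions(catalog)


def scan_catalog_text(text: str) -> List[Tuple[int, str]]:
    """Line-level scan of raw YAML for use before parsing (1-based line numbers)."""
    return [(lineno, line.strip()) for lineno, line in enumerate(text.splitlines(), start=1) if SHELL_SYNTAX.search(line)]


# Constructed sample catalogs, not taken from the advisory.
CLEAN_CATALOG = {
    "sources": {
        "sales": {
            "driver": "csv",
            "parameters": {"region": {"description": "Region code", "type": "str", "default": "emea"}},
            "args": {"urlpath": "data/sales_{{ region }}.csv"},
        }
    }
}

SUSPECT_CATALOG = {
    "sources": {
        "sales": {
            "driver": "csv",
            # Benign marker in the exact location the advisory names.
            "parameters": {"region": {"description": "Region code", "type": "str", "default": "shell(echo test)"}},
            "args": {"urlpath": "data/sales_{{ region }}.csv"},
        }
    }
}

# Constructed raw YAML text for the pre-parse scan; line 7 carries the marker.
SAMPLE_YAML_TEXT = """\
sources:
  sales:
    driver: csv
    parameters:
      region:
        type: str
        default: shell(echo test)
    args:
      urlpath: "data/sales_{{ region }}.csv"
"""

if __name__ == "__main__":
    print("clean catalog safe:", is_safe_catalog(CLEAN_CATALOG))
    print("suspect catalog hits:", find_shell_expansions(SUSPECT_CATALOG))
    print("raw text hits:", scan_catalog_text(SAMPLE_YAML_TEXT))
```

Use `is_safe_catalog` as the accept/reject decision for user-supplied catalogs and keep the reported paths for the audit log; the text scan is deliberately conservative (any `shell(` on any line is flagged) so that a catalog cannot slip through on a layout the structural walker does not anticipate.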
Update the Intake package to version 2.0.9 or later. This mitigates the command injection vulnerability by disabling the automatic expansion of shell() syntax in parameter default values.
CVE-2026-33310 is a HIGH severity Command Injection vulnerability affecting Intake versions up to 2.0.9. It allows attackers to execute commands on the host system by crafting malicious catalog YAML files.
You are affected if you are using Intake version 2.0.9 or earlier. Upgrade to version 2.0.9 or later to resolve this vulnerability.
The recommended fix is to upgrade to Intake version 2.0.9 or later. As a temporary workaround, implement stricter input validation on catalog YAML files.
Active exploitation campaigns are not currently confirmed, but the vulnerability's potential impact warrants careful monitoring.
Refer to the official Intake documentation and security advisories for the most up-to-date information regarding CVE-2026-33310.