Platform
python
Component
intake
Fixed in
2.0.10
CVE-2026-33310 is a command injection vulnerability in Intake's catalog parsing. An attacker who can supply a crafted catalog YAML file can execute arbitrary commands on the host that loads it. Intake versions up to and including 2.0.9 are affected; the fix ships in version 2.0.10.
The vulnerability lies in the automatic expansion of shell() syntax in parameter default values during catalog parsing. A default written as shell(<command>) is run as a shell command at parse time, not when a data source is actually opened, so merely loading the catalog is enough to trigger execution. The command runs with the privileges of the process that parsed the catalog, so the impact ranges from data exfiltration to full host compromise. This is a classic OS command injection (CWE-78) pattern: untrusted input reaches a shell without validation. The blast radius covers any system that parses catalogs from an untrusted or third-party source.
CVE-2026-33310 was publicly disclosed on 2026-03-19 and is rated HIGH (CVSS 8.8). No public proof-of-concept exploit is available, and it is not listed in the CISA KEV catalog as of this writing. Active exploitation is not confirmed, but crafting a malicious catalog requires nothing beyond editing a YAML file, so the combination of ease of exploitation and impact warrants careful monitoring.
Exploit status
EPSS: 0.06% (18th percentile)
The primary mitigation for CVE-2026-33310 is to upgrade to Intake version 2.0.10 or later immediately. If upgrading is not yet feasible, reject catalog YAML files that contain shell() syntax before they are parsed, and treat every catalog source as untrusted input: review and sanitize catalogs before processing them. A Web Application Firewall (WAF) with rules that flag shell commands inside YAML payloads adds a layer of defense only where catalogs arrive over HTTP at a service you control; it does nothing for catalogs loaded from local files or fetched by a library. After upgrading, confirm the fix by loading a test catalog in which a parameter default is set to a harmless marker such as shell(echo probe): on a fixed version the default must remain the literal string and no process is spawned.
Update the Intake package to version 2.0.10 or later. This mitigates the command injection vulnerability by disabling automatic expansion of the shell() syntax in parameter default values.
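The mechanism described above (a shell(<command>) parameter default executed at parse time) and the pre-upgrade checks recommended as mitigation, modelled in Python. This is an added example and not Intake's own code: the function names, the toy catalog, the rule that a default must match shell(...) exactly, and the dict form of the catalog (written out so the example needs no PyYAML) are all assumptions for illustration. The vulnerable expander and the hardened one sit side by side, a raw-text scanner rejects catalogs carrying shell() before parsing, and a version check flags releases up to and including 2.0.9.

```python
"""CVE-2026-33310 pattern: shell(<cmd>) in a catalog parameter default is run
during parsing. Added example, not Intake's code; names are hypothetical."""
import re
import subprocess

# A whole default value of the form shell(<command>).
SHELL_DEFAULT_RE = re.compile(r"^\s*shell\((.*)\)\s*$", re.DOTALL)
# Looser pattern for scanning raw YAML text before it is parsed.
SHELL_ANYWHERE_RE = re.compile(r"\bshell\s*\(")


def run_in_shell(command):
    """Real executor: runs the command via /bin/sh, as the vulnerable path would."""
    return subprocess.check_output(command, shell=True, text=True).strip()


def expand_default_vulnerable(value, run=run_in_shell):
    """Vulnerable pattern: a string default shell(<cmd>) is replaced by the
    command's output, so parsing the catalog executes attacker-chosen code.
    `run` is injectable so tests can record the command instead of running it."""
    if isinstance(value, str):
        match = SHELL_DEFAULT_RE.match(value)
        if match:
            return run(match.group(1))
    return value


def expand_default_hardened(value):
    """Hardened pattern (what disabling the expansion amounts to): the default
    stays the literal string the catalog author wrote; nothing is executed."""
    return value


def load_parameter_defaults(catalog, expand=expand_default_hardened):
    """Walk a parsed catalog (dict shaped like yaml.safe_load output) and
    collect every parameter default, passing each through `expand`."""
    defaults = {}
    for source_name, source in catalog.get("sources", {}).items():
        for param_name, param in source.get("parameters", {}).items():
            defaults[(source_name, param_name)] = expand(param.get("default"))
    return defaults


def find_shell_defaults(yaml_text):
    """Pre-load scan of raw catalog text: (line number, line) for every line
    containing shell(...). Reject the catalog if this is non-empty."""
    return [(n, line.strip()) for n, line in enumerate(yaml_text.splitlines(), 1)
            if SHELL_ANYWHERE_RE.search(line)]


def is_affected_version(version):
    """True for Intake releases up to and including 2.0.9 (fixed in 2.0.10).
    Only the numeric major.minor.patch prefix is compared."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.groups()) <= (2, 0, 9)


# Constructed sample catalog: the `region` default carries a shell() payload
# (a harmless `id` here; an attacker would use anything /bin/sh accepts).
CATALOG_YAML = """sources:
  sales:
    driver: csv
    args:
      urlpath: "data/sales_{{ region }}.csv"
    parameters:
      region:
        type: str
        default: shell(id)
  inventory:
    driver: csv
    args:
      urlpath: data/inventory.csv
    parameters:
      year:
        type: int
        default: 2024
"""

# The same catalog as yaml.safe_load would return it (constructed by hand).
CATALOG = {
    "sources": {
        "sales": {
            "driver": "csv",
            "args": {"urlpath": "data/sales_{{ region }}.csv"},
            "parameters": {"region": {"type": "str", "default": "shell(id)"}},
        },
        "inventory": {
            "driver": "csv",
            "args": {"urlpath": "data/inventory.csv"},
            "parameters": {"year": {"type": "int", "default": 2024}},
        },
    }
}


if __name__ == "__main__":
    print("scan hits :", find_shell_defaults(CATALOG_YAML))
    print("hardened  :", load_parameter_defaults(CATALOG))
    # The vulnerable path really spawns /bin/sh; the payload here is only `id`.
    print("vulnerable:", load_parameter_defaults(CATALOG, expand=expand_default_vulnerable))
```

Running the script prints the scanner hit on the shell(id) line, the hardened result (the default kept as the literal string "shell(id)"), and then the vulnerable result, for which /bin/sh actually runs `id`. The verification step described above is exactly the hardened branch: after upgrading, a shell(echo probe) default must come back unchanged.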
CVE-2026-33310 is a HIGH severity command injection vulnerability affecting Intake versions up to and including 2.0.9. It allows an attacker to execute commands on the host system by crafting a malicious catalog YAML file.
You are affected if you are using Intake version 2.0.9 or earlier. Upgrade to version 2.0.10 or later to resolve this vulnerability.
The recommended fix is to upgrade to Intake version 2.0.10 or later. As a temporary workaround, reject catalog YAML files that contain shell() syntax before they are parsed.
Active exploitation campaigns are not currently confirmed, but the vulnerability's potential impact warrants careful monitoring.
Refer to the official Intake documentation and security advisories for the most up-to-date information regarding CVE-2026-33310.