CVE-2026-33310
Published: 24 March 2026
Summary
CVE-2026-33310 is a high-severity OS Command Injection (CWE-78) vulnerability in Intake, a Python package for finding, investigating, loading and disseminating data. Its CVSS v3.1 base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002): a user has to load an attacker-supplied catalog YAML. The CVE is ranked at the 8.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Patching: directly mitigates the vulnerability by updating Intake to version 2.0.9 or later, where shell expansion of parameter defaults is disabled by default.
- CM-6 (Configuration Settings): ensures a secure configuration of Intake by establishing and enforcing settings such as getshell=False, so that shell() defaults are never expanded automatically during catalog parsing.
- SI-10 (Information Input Validation): validates YAML catalog inputs during parsing and rejects or sanitises shell() syntax in parameter defaults, so a malicious catalog cannot inject commands.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Exploitation requires a user to open a malicious YAML catalog file (T1204.002 Malicious File); parsing it automatically expands shell() parameter defaults, which gives the attacker arbitrary command execution through the host's Unix shell (T1059.004 Unix Shell).
NVD Description
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell() syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell(<command>), the command may be executed when the catalog source is accessed. This means that if a user loads a malicious catalog YAML, embedded commands could execute on the host system. Version 2.0.9 mitigates the issue by making getshell False by default everywhere.
Deeper analysis
CVE-2026-33310 is a command injection vulnerability in the Intake Python package, which is used for finding, investigating, loading, and disseminating data. Prior to version 2.0.9, the shell() syntax embedded within parameter default values in catalog YAML files is automatically expanded during the catalog parsing process. This allows arbitrary commands specified in the form shell(<command>) to execute when a catalog source is accessed.
The vulnerability can be exploited by an unauthenticated remote attacker who tricks a user into loading a malicious catalog YAML file; user interaction, such as opening the catalog in Intake, is required. Successful exploitation leads to arbitrary command execution on the host system with high impact on confidentiality, integrity and availability, reflected in the CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). It is associated with CWE-78 (OS Command Injection) and CWE-94 (Code Injection).
The Intake security advisory (GHSA-37g4-qqqv-7m99) and the fixing commit (d0c0b6b57c1cb3f73880655ded4a9b0e18e1fd1b) detail the mitigation in version 2.0.9, which disables shell expansion by setting getshell to False by default across all contexts, preventing automatic command execution during catalog parsing.
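To make the behaviour described above and the CM-6 / SI-10 controls concrete, here is an added Python example. It is not code from the Intake project and does not use Intake's API: it is a minimal resolver for catalog parameter defaults modelled on the behaviour the advisory describes, plus a pre-load scanner that flags shell() defaults and a strict loader that rejects them. The CATALOG dict (what yaml.safe_load would return for a small catalog), the function names expand_default, find_shell_defaults and load_parameters, and the env mapping are all constructed for this illustration.

```python
import os
import re
import subprocess

# Constructed catalog, already parsed from YAML (as yaml.safe_load would
# return it). The layout is modelled on an Intake-style catalog; it is not a
# real catalog, and the shell() default stands in for an attacker's command.
CATALOG = {
    "sources": {
        "sales": {
            "driver": "csv",
            "args": {"urlpath": "data/{{ region }}.csv"},
            "parameters": {
                "region": {"type": "str", "default": "env(REGION)"},
                "tag": {"type": "str", "default": "shell(echo pwned)"},
            },
        },
        "stock": {
            "driver": "csv",
            "args": {"urlpath": "stock.csv"},
            "parameters": {"limit": {"type": "int", "default": 10}},
        },
    }
}

SHELL_RE = re.compile(r"^shell\((.*)\)$", re.DOTALL)
ENV_RE = re.compile(r"^env\((\w+)\)$")


def expand_default(value, getenv=True, getshell=False, env=None):
    """Resolve one parameter default.

    getshell=True reproduces the pre-2.0.9 behaviour the advisory describes:
    a shell(<command>) default is executed at load time and its stdout becomes
    the value. getshell=False (the hardened default) returns the string
    untouched, so a malicious catalog cannot run anything just by being
    loaded. env(NAME) is resolved from `env` (or os.environ) when getenv=True.
    """
    if not isinstance(value, str):
        return value
    m = SHELL_RE.match(value)
    if m:
        if not getshell:
            return value  # hardened: template is left as an inert string
        # Vulnerable path: the command text comes straight from the catalog.
        proc = subprocess.run(m.group(1), shell=True,
                              capture_output=True, text=True)
        return proc.stdout.strip()
    m = ENV_RE.match(value)
    if m and getenv:
        source = os.environ if env is None else env
        return source.get(m.group(1), "")
    return value


def find_shell_defaults(catalog):
    """Input-validation check (SI-10): list (source, parameter, default) for
    every parameter default that uses shell() syntax, before anything runs."""
    hits = []
    for sname, src in catalog.get("sources", {}).items():
        for pname, spec in (src.get("parameters") or {}).items():
            default = spec.get("default") if isinstance(spec, dict) else None
            if isinstance(default, str) and SHELL_RE.match(default):
                hits.append((sname, pname, default))
    return hits


def load_parameters(catalog, source, strict=True, getshell=False, env=None):
    """Return the resolved defaults for one source.

    strict=True rejects the whole catalog if any shell() default is present;
    otherwise defaults are resolved under the given getshell policy (the
    configuration setting CM-6 is about)."""
    if strict:
        bad = find_shell_defaults(catalog)
        if bad:
            raise ValueError(f"refusing catalog, shell() defaults found: {bad}")
    params = catalog["sources"][source].get("parameters") or {}
    return {name: expand_default(spec.get("default"), getshell=getshell, env=env)
            for name, spec in params.items()}


if __name__ == "__main__":
    print("flagged:", find_shell_defaults(CATALOG))
    try:
        load_parameters(CATALOG, "sales")
    except ValueError as exc:
        print("strict load:", exc)
    print("hardened:", load_parameters(CATALOG, "sales", strict=False,
                                       env={"REGION": "eu"}))
```

Run as a script it flags the sales/tag default, shows the strict loader refusing the catalog, and shows the hardened loader returning the shell() template as a plain string instead of executing it; passing getshell=True to expand_default is the only way to reproduce the pre-2.0.9 execution, which is the point of making False the default.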
Details
- CWE(s)