{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33310", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-18T21:23:36.676Z", "datePublished": "2026-03-24T13:17:38.572Z", "dateUpdated": "2026-03-24T15:36:17.300Z"}, "containers": {"cna": {"title": "Intake has a Command Injection via shell() Expansion in Parameter Defaults", "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/intake/intake/security/advisories/GHSA-37g4-qqqv-7m99", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/intake/intake/security/advisories/GHSA-37g4-qqqv-7m99"}, {"name": "https://github.com/intake/intake/commit/d0c0b6b57c1cb3f73880655ded4a9b0e18e1fd1b", "tags": ["x_refsource_MISC"], "url": "https://github.com/intake/intake/commit/d0c0b6b57c1cb3f73880655ded4a9b0e18e1fd1b"}], "affected": [{"vendor": "intake", "product": "intake", "versions": [{"version": "< 2.0.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T13:17:38.572Z"}, "descriptions": [{"lang": "en", "value": "Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell() syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell(<command>), the command may be executed when the catalog source is accessed. This means that if a user loads a malicious catalog YAML, embedded commands could execute on the host system. Version 2.0.9 mitigates the issue by making getshell False by default everywhere."}], "source": {"advisory": "GHSA-37g4-qqqv-7m99", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T15:35:28.820952Z", "id": "CVE-2026-33310", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:36:17.300Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33310", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T15:35:28.820952Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:36:07.105Z"}}], "cna": {"title": "Intake has a Command Injection via shell() Expansion in Parameter Defaults", "source": {"advisory": "GHSA-37g4-qqqv-7m99", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "intake", "product": "intake", "versions": [{"status": "affected", "version": "< 2.0.9"}]}], "references": [{"url": "https://github.com/intake/intake/security/advisories/GHSA-37g4-qqqv-7m99", "name": "https://github.com/intake/intake/security/advisories/GHSA-37g4-qqqv-7m99", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/intake/intake/commit/d0c0b6b57c1cb3f73880655ded4a9b0e18e1fd1b", "name": "https://github.com/intake/intake/commit/d0c0b6b57c1cb3f73880655ded4a9b0e18e1fd1b", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell() syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell(<command>), the command may be executed when the catalog source is accessed. This means that if a user loads a malicious catalog YAML, embedded commands could execute on the host system. Version 2.0.9 mitigates the issue by making getshell False by default everywhere."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T13:17:38.572Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33310", "state": "PUBLISHED", "dateUpdated": "2026-03-24T15:36:17.300Z", "dateReserved": "2026-03-18T21:23:36.676Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-24T13:17:38.572Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intake:intake:*:*:*:*:*:*:*:*", "matchCriteriaId": "46D0915D-89C6-4029-A014-D5CF00C57F81", "versionEndExcluding": "2.0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell() syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell(<command>), the command may be executed when the catalog source is accessed. This means that if a user loads a malicious catalog YAML, embedded commands could execute on the host system. Version 2.0.9 mitigates the issue by making getshell False by default everywhere."}], "id": "CVE-2026-33310", "lastModified": "2026-03-25T20:54:34.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-24T14:16:30.130", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/intake/intake/commit/d0c0b6b57c1cb3f73880655ded4a9b0e18e1fd1b"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/intake/intake/security/advisories/GHSA-37g4-qqqv-7m99"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.0.9)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "intake", "source": "cna", "vendor": "intake"}, "product": "intake", "vendor": "intake"}], "analysis": {"en": {"generated_at": "2026-03-25T23:49:24.051736+00:00", "value": {"mitigation_remediation": ["Upgrade to Intake version 2.0.9 or later where getshell is turned off by default", "If upgrading is not immediately possible, manually review or sanitize catalog files to remove shell() expressions", "Consider disabling the Intake catalog parsing feature in environments where it is not required", "Continuously monitor for additional advisories related to Intake or similar data ingestion tools"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All installations of the Intake data handling package prior to version 2.0.9 are affected. The problem originates in catalogs that use parameter defaults with the shell() keyword, so any user or process that loads such a catalog is at risk. The fix is limited to versions 2.0.9 and later, which default the getshell flag to False for all catalog entries.", "description_and_impact": "The vulnerability allows the shell() syntax within parameter defaults of Intake catalog files to be automatically expanded during parsing. An attacker who can supply a malicious catalog can include a shell(<command>) expression that will run when the catalog source is accessed, resulting in arbitrary code execution on the host. The weakness aligns with command injection and dynamic code execution, as enumerated by the associated CWEs.", "risk_and_exploitability": "The CVSS score of 8.8 marks the issue as high severity, indicating significant potential impact. The EPSS score below 1% suggests the likelihood of exploitation is currently low, and the vulnerability is not cataloged in the CISA Known Exploited Vulnerabilities list. However, if an attacker controls the catalog or can influence its content, the attack vector is straightforward: provide a malicious YAML file that is parsed by the Intake application, leading to local command execution on the host system.\""}}}}, "created": "2026-03-25T11:47:37.270489+00:00", "updated": "2026-03-26T12:19:43.650425+00:00", "vendors": ["intake", "intake$PRODUCT$intake"]}