Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses

Filter by:

With package: python314Packages.podman

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-33414

created 2 hours ago

PowerShell Command Injection in Podman HyperV Machine

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $() subexpression injection. Because PowerShell evaluates subexpressions inside double-quoted strings before executing the outer command, an attacker who can control the VM image path through a crafted machine name or image directory can execute arbitrary PowerShell commands with the privileges of the Podman process. On typical Windows installations this means SYSTEM-level code execution, and only Windows is affected as the code is exclusive to the HyperV backend. This issue has been patched in version 5.8.2.

References

https://github.com/containers/podman/security/advisories/GHSA-hc8w-h2mf-hp59 x_refsource_CONFIRM
https://github.com/containers/podman/commit/571c842bd357ee626019ea97d030fb772fc654ed x_refsource_MISC

Affected products

podman

==>= 4.8.0, < 5.8.2

Matching in nixpkgs

pkgs.podman

Program for managing pods, containers and container images

nixos-unstable 5.8.1
- nixpkgs-unstable 5.8.1
- nixos-unstable-small 5.8.1
nixos-25.11 5.7.0
- nixos-25.11-small 5.7.0
- nixpkgs-25.11-darwin 5.7.0

pkgs.podman-tui

Podman Terminal UI

nixos-unstable 1.11.1
- nixpkgs-unstable 1.11.1
- nixos-unstable-small 1.11.1
nixos-25.11 1.9.0
- nixos-25.11-small 1.9.0
- nixpkgs-25.11-darwin 1.9.0

pkgs.podman-bootc

Streamlining podman+bootc interactions

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2
nixos-25.11 0.1.2
- nixos-25.11-small 0.1.2
- nixpkgs-25.11-darwin 0.1.2

pkgs.cockpit-podman

Cockpit UI for podman containers

nixos-unstable 124
- nixpkgs-unstable 124
- nixos-unstable-small 124

pkgs.podman-compose

Implementation of docker-compose with podman backend

nixos-unstable 1.5.0
- nixpkgs-unstable 1.5.0
- nixos-unstable-small 1.5.0
nixos-25.11 1.5.0
- nixos-25.11-small 1.5.0
- nixpkgs-25.11-darwin 1.5.0

pkgs.podman-desktop

Graphical tool for developing on containers and Kubernetes

nixos-unstable 1.23.1
- nixpkgs-unstable 1.26.2
- nixos-unstable-small 1.26.2
nixos-25.11 1.23.1
- nixos-25.11-small 1.23.1
- nixpkgs-25.11-darwin 1.23.1

pkgs.nomad-driver-podman

Podman task driver for Nomad

nixos-unstable 0.6.4
- nixpkgs-unstable 0.6.4
- nixos-unstable-small 0.6.4
nixos-25.11 0.6.3
- nixos-25.11-small 0.6.3
- nixpkgs-25.11-darwin 0.6.3

pkgs.python312Packages.podman

Python bindings for Podman's RESTful API

nixos-25.11 5.6.0
- nixos-25.11-small 5.6.0
- nixpkgs-25.11-darwin 5.6.0

pkgs.python313Packages.podman

Python bindings for Podman's RESTful API

nixos-unstable 5.7.0
- nixpkgs-unstable 5.7.0
- nixos-unstable-small 5.7.0
nixos-25.11 5.6.0
- nixos-25.11-small 5.6.0
- nixpkgs-25.11-darwin 5.6.0

pkgs.python314Packages.podman

Python bindings for Podman's RESTful API

nixos-unstable 5.7.0
- nixpkgs-unstable 5.7.0
- nixos-unstable-small 5.7.0

Package maintainers

@lucasew Lucas Eduardo Wendt <lucas59356@gmail.com>
@alexandru0-dev Alexandru Nechita <alexandru.italia32+nixpkgs@gmail.com>
@andre4ik3 andre4ik3 <andre4ik3@fastmail.com>
@cpcloud Phillip Cloud
@vdemeester Vincent Demeester <vincent@sbr.pm>
@saschagrunert Sascha Grunert <mail@saschagrunert.de>
@evan-goode Evan Goode <mail@evangoo.de>
@kaynetik Aleksandar Nesovic <aleksandar@nesovic.dev>
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
@aaronjheng Aaron Jheng <wentworth@outlook.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

1