Description
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell() syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell(<command>), the command may be executed when the catalog source is accessed. This means that if a user loads a malicious catalog YAML, embedded commands could execute on the host system. Version 2.0.9 mitigates the issue by making getshell False by default everywhere.
Published: 2026-03-24
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows the shell() syntax within parameter defaults of Intake catalog files to be automatically expanded during parsing. An attacker who can supply a malicious catalog can include a shell(<command>) expression that will run when the catalog source is accessed, resulting in arbitrary code execution on the host. The weakness aligns with command injection and dynamic code execution, as enumerated by the associated CWEs.

Affected Systems

All installations of the Intake data handling package prior to version 2.0.9 are affected. The problem originates in catalogs that use parameter defaults with the shell() keyword, so any user or process that loads such a catalog is at risk. The fix is limited to versions 2.0.9 and later, which default the getshell flag to False for all catalog entries.

Risk and Exploitability

The CVSS score of 8.8 marks the issue as high severity, indicating significant potential impact. The EPSS score below 1% suggests the likelihood of exploitation is currently low, and the vulnerability is not cataloged in the CISA Known Exploited Vulnerabilities list. However, if an attacker controls the catalog or can influence its content, the attack vector is straightforward: provide a malicious YAML file that is parsed by the Intake application, leading to local command execution on the host system."

Generated by OpenCVE AI on March 25, 2026 at 23:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Intake version 2.0.9 or later where getshell is turned off by default
  • If upgrading is not immediately possible, manually review or sanitize catalog files to remove shell() expressions
  • Consider disabling the Intake catalog parsing feature in environments where it is not required
  • Continuously monitor for additional advisories related to Intake or similar data ingestion tools

Generated by OpenCVE AI on March 25, 2026 at 23:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-37g4-qqqv-7m99 Intake has a Command Injection via shell() Expansion in Parameter Defaults
History

Wed, 25 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:intake:intake:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Intake
Intake intake
Vendors & Products Intake
Intake intake

Tue, 24 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell() syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell(<command>), the command may be executed when the catalog source is accessed. This means that if a user loads a malicious catalog YAML, embedded commands could execute on the host system. Version 2.0.9 mitigates the issue by making getshell False by default everywhere.
Title Intake has a Command Injection via shell() Expansion in Parameter Defaults
Weaknesses CWE-78
CWE-94
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Intake Intake
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-24T15:36:17.300Z

Reserved: 2026-03-18T21:23:36.676Z

Link: CVE-2026-33310

cve-icon Vulnrichment

Updated: 2026-03-24T15:36:07.105Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-24T14:16:30.130

Modified: 2026-03-25T20:54:34.937

Link: CVE-2026-33310

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T12:19:43Z

Weaknesses