CVE ID :CVE-2026-33310 Published : March 24, 2026, 1:17 p.m. | 50 minutes ago Description :Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell() syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell(), the command may be executed when the catalog source is accessed. This means that if a user loads a malicious catalog YAML, embedded commands could execute on the host system. Version 2.0.9 mitigates the issue by making getshell False by default everywhere. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...