[NEU] [mittel] Podman HyperV Machine: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten

A new vulnerability has been published concerning Podman's HyperV machine feature. This flaw, tracked within the CERT-Bund advisory WID-SEC-2026-1115, could allow an attacker to execute arbitrary code with administrator-level privileges on the host system. This represents a significant elevation of privilege risk for affected systems.

Organizations across all sectors using Podman Desktop on Windows, specifically those with the "Podman machine" feature configured to use the HyperV backend, are potentially affected. The vulnerability is relevant for entities within the scope of the EU's Digital Markets Act (DMA) that utilize this software, as it pertains to core security obligations for gatekeeper platforms and their business users.

Compliance teams should immediately coordinate with their IT security counterparts to identify any use of the affected Podman configuration. The next steps are to assess the exposure level, apply available patches or mitigations as prescribed by the vendor, and document these actions as part of ongoing security compliance records. Monitoring for further updates from CERT-Bund or the software vendor is also essential.