CyberSec.Space Logo
Back to CVE Browser

CVE-2026-46695

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1080%
EPSS Percentile1.68th
PublishedJun 10, 2026
Last ModifiedJun 11, 2026

Vulnerability Description

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directory in rw mode, thereby gaining write access to that directory. This allows malicious code to perform arbitrary write operations on directories that should be read-only. This issue has been patched in version 0.9.0.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

šŸ”— https://github.com/boxlite-ai/boxlite/pull/454
šŸ”— https://github.com/boxlite-ai/boxlite/releases/tag/v0.9.0
šŸ”— https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-g6ww-w5j2-r7x3
šŸ”— https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-g6ww-w5j2-r7x3

Related Vulnerabilities

CVE-2026-1052010.0

An OS Command Injection vulnerabilityĀ in IvantiĀ Sentry beforeĀ theĀ R10.5.2, R10.6.2 and R10.7.1Ā versionsĀ allowsĀ a remote unauthenti...

CVE-2026-4830310.0

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that c...

CVE-2026-361110.0

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default co...

CVE-2026-4713710.0

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced...