CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2026-46695

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1080%
EPSS Percentile1.68th
Published2026年6月10日
Last Modified2026年6月11日

Vulnerability Description

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directory in rw mode, thereby gaining write access to that directory. This allows malicious code to perform arbitrary write operations on directories that should be read-only. This issue has been patched in version 0.9.0.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://github.com/boxlite-ai/boxlite/pull/454
🔗 https://github.com/boxlite-ai/boxlite/releases/tag/v0.9.0
🔗 https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-g6ww-w5j2-r7x3
🔗 https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-g6ww-w5j2-r7x3

相關漏洞威脅

CVE-2026-1052010.0

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenti...

CVE-2026-4713710.0

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced...

CVE-2026-361110.0

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default co...

CVE-2026-4714010.0

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as mo...