CVSS 10.0 · CRITICAL

CVE-2026-46695

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, so malicious code can remount a read-only directory in rw mode and gain write access to it. This allows malicious code to perform arbitrary write operations on directories that should be read-only. This issue has been patched in version 0.9.0.

View on NVD

Analysis

Boxlite has a critical vulnerability: because it does not properly restrict the kernel capabilities granted to the OCI container, malicious code running inside it can remount read-only directories with write permissions. An attacker can use this to perform arbitrary writes to those directories and break the sandbox's isolation, affecting the integrity of the host system (the CVSS vector rates the scope as changed, with high confidentiality and integrity impact). On Linux a remount (mount(2) with MS_REMOUNT) requires CAP_SYS_ADMIN in the user namespace that owns the mount namespace, so a container that keeps CAP_SYS_ADMIN in its bounding set can clear the ro flag on its own bind mounts; dropping that capability is what closes the hole, and a seccomp profile that denies mount is defense in depth rather than a substitute. Updating immediately to version 0.9.0 is recommended to mitigate this privilege-escalation risk.
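The capability check behind this failure mode, as an added example that is not Boxlite's code: it decodes the CapEff mask from /proc/<pid>/status to tell whether a process holds CAP_SYS_ADMIN (the capability mount(2) requires for a remount), and audits an OCI runtime-spec config.json for CAP_SYS_ADMIN in any capability set and for bind mounts that are supposed to be read-only but lack the ro option. The status dumps, the two config.json documents and the /workspace/ro path are constructed samples; the 000001ffffffffff mask is the full 41-capability set on a current kernel and 00000000a80425fb is the effective set a default Docker container shows.

```python
"""Checks for the failure mode in this advisory: a container that keeps
CAP_SYS_ADMIN can remount its read-only directories rw.

Added example, not Boxlite code.  Assumes the container is described by an
OCI runtime-spec config.json and that the running process's effective
capabilities are read from the CapEff line of /proc/<pid>/status.
"""
import json

# Linux capability bit numbers, in order (include/uapi/linux/capability.h).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]


def decode_capeff(status_text):
    """Names of the capabilities set in the CapEff mask of a /proc/<pid>/status dump."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split(":", 1)[1].strip(), 16)
            return {name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1}
    raise ValueError("no CapEff line in status text")


def can_remount_rw(status_text):
    """mount(2) with MS_REMOUNT needs CAP_SYS_ADMIN in the userns owning the mount namespace."""
    return "CAP_SYS_ADMIN" in decode_capeff(status_text)


def audit_oci_config(config, must_be_ro):
    """Findings for an OCI runtime config dict: CAP_SYS_ADMIN in any capability set,
    or a path in must_be_ro whose mount entry is missing or lacks the 'ro' option."""
    findings = []
    caps = config.get("process", {}).get("capabilities", {})
    for cap_set in ("bounding", "permitted", "effective", "inheritable", "ambient"):
        if "CAP_SYS_ADMIN" in caps.get(cap_set, []):
            findings.append(f"CAP_SYS_ADMIN present in {cap_set} set")
    mounts = {m["destination"]: m for m in config.get("mounts", [])}
    for path in must_be_ro:
        entry = mounts.get(path)
        if entry is None:
            findings.append(f"{path}: no mount entry")
        elif "ro" not in entry.get("options", []):
            findings.append(f"{path}: mounted without 'ro'")
    return findings


# Constructed /proc/<pid>/status fragments.  The first shows the full
# 41-capability set (no restriction applied); the second the 14-capability
# effective set of a default Docker container, which excludes CAP_SYS_ADMIN.
STATUS_VULNERABLE = "Name:\tsh\nCapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n"
STATUS_HARDENED = "Name:\tsh\nCapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"

# Constructed OCI config.json documents: identical except that the second one
# has CAP_SYS_ADMIN removed from every capability set.
VULNERABLE_CONFIG = json.loads("""{
  "ociVersion": "1.0.2",
  "process": {"capabilities": {
    "bounding":  ["CAP_CHOWN", "CAP_SYS_ADMIN"],
    "permitted": ["CAP_CHOWN", "CAP_SYS_ADMIN"],
    "effective": ["CAP_CHOWN", "CAP_SYS_ADMIN"]}},
  "mounts": [{"destination": "/workspace/ro", "type": "bind",
              "source": "/srv/ro", "options": ["rbind", "ro"]}]
}""")
HARDENED_CONFIG = json.loads("""{
  "ociVersion": "1.0.2",
  "process": {"capabilities": {
    "bounding":  ["CAP_CHOWN"],
    "permitted": ["CAP_CHOWN"],
    "effective": ["CAP_CHOWN"]}},
  "mounts": [{"destination": "/workspace/ro", "type": "bind",
              "source": "/srv/ro", "options": ["rbind", "ro"]}]
}""")


def run_audit():
    """Both checks on the constructed samples."""
    return {
        "vulnerable_can_remount": can_remount_rw(STATUS_VULNERABLE),
        "hardened_can_remount": can_remount_rw(STATUS_HARDENED),
        "vulnerable_findings": audit_oci_config(VULNERABLE_CONFIG, ("/workspace/ro",)),
        "hardened_findings": audit_oci_config(HARDENED_CONFIG, ("/workspace/ro",)),
    }


if __name__ == "__main__":
    for key, value in run_audit().items():
        print(f"{key}: {value}")
```

Inside a running container the same numbers come from `grep CapEff /proc/self/status` and `capsh --decode=<mask>`; the direct test of the bug is `mount -o remount,rw /workspace/ro`, which succeeds with CAP_SYS_ADMIN and fails with EPERM once the capability is dropped from the bounding set.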

Relevant roles

Docker, Linux, CyberSecurity, Backend, Cloud

Severity

Score: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: NONE
Weakness type (CWE): CWE-284 (Improper Access Control)

EPSS

Exploitation probability (next 30 days): 0.0003 (0.03%)
Percentile: 8.6%
EPSS date: 2026-06-11


Published: 10 June 2026, 23:16:47
Last modified: 11 June 2026, 15:21:07
