Description
Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directory in rw mode, thereby gaining write access to that directory. This allows malicious code to perform arbitrary write operations on directories that should be read-only. This issue has been patched in version 0.9.0.
Published: 2026-06-10
Score: 10 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Boxlite, a sandbox service, fails to restrict kernel capabilities in containers before version 0.9.0. Malicious code running inside a container can remount a read‑only directory with read‑write permissions, allowing arbitrary writes to files that should be immutable. This privilege‑bypass flaw, categorized as CWE‑284, enables an attacker to tamper with critical configuration or data files, potentially compromising the integrity and confidentiality of the sandboxed environment.

Affected Systems

The vulnerability affects all Boxlite versions prior to 0.9.0 released by the vendor boxlite‑ai. The patch that resolves the issue is included in release v0.9.0.

Risk and Exploitability

With a CVSS score of 10, the flaw is considered critical. The EPSS metric is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires code execution within the Boxlite container; a user or attacker who can run arbitrary code inside the sandbox can remount a directory and modify its contents. The high severity rating reflects the potential for widespread data tampering once the vulnerability is abused.

Generated by OpenCVE AI on June 10, 2026 at 23:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Boxlite to version 0.9.0 or later, which contains the necessary fix.
  • If an upgrade cannot be performed immediately, configure the sandbox to run containers with a read‑only root filesystem and disable the ability to remount filesystems or alter kernel capabilities.
  • Review container images and runtime configurations to ensure no trusted or untrusted images attempt to remount or write to host directories, and enforce audit logging for mount operations.

Generated by OpenCVE AI on June 10, 2026 at 23:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-g6ww-w5j2-r7x3 BoxLite: Permission Bypass Allows Modification of Read-Only Files
History

Wed, 10 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directory in rw mode, thereby gaining write access to that directory. This allows malicious code to perform arbitrary write operations on directories that should be read-only. This issue has been patched in version 0.9.0.
Title BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-10T22:20:44.589Z

Reserved: 2026-05-15T23:26:58.308Z

Link: CVE-2026-46695

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-10T23:16:47.747

Modified: 2026-06-10T23:16:47.747

Link: CVE-2026-46695

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T23:30:44Z

Weaknesses