CVE-2026-46703
Symlink Arbitrary File Write in Boxlite Sandbox

Publication date: 2026-06-10

Last updated on: 2026-06-11

Assigner: GitHub, Inc.

Description
Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for the possibility that entries may be symlinks pointing to absolute paths. An attacker can craft a malicious OCI image and distribute it on image hosting platforms such as DockerHub, tricking users into using it. Once a user loads the malicious image, the attacker can write arbitrary content to any path on the host, which can further lead to remote code execution on the host. This issue has been patched in version 0.9.0.
Affected Vendors & Products

  Vendor: boxlite
  Product: boxlite
  Version / Range: up to 0.9.0 (0.9.0 excluded)
CWE

  CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Detection Guidance

This vulnerability arises from processing OCI images containing symlinks pointing to absolute paths that allow arbitrary file writes on the host system. Detection involves inspecting OCI images before loading them into Boxlite to identify malicious symlinks.

You can manually inspect the tar layers of OCI images for symlinks with absolute paths that could lead to path traversal outside the sandbox.

Suggested commands to detect suspicious symlinks in OCI image tarballs include:

  • Extract the OCI image layers (tar files) locally.
  • Use the following command to find symlinks with absolute paths inside the extracted layer directories:

      find <extracted_layer_dir> -type l -exec ls -l {} \; | grep '^l.* -> /'

  • This command lists all symlinks whose targets start with a slash (/), indicating absolute paths.

If such symlinks are found, the OCI image may be malicious, crafted to exploit CVE-2026-46703 against a vulnerable Boxlite version.

Additionally, monitoring file writes to sensitive host paths during or after loading OCI images in Boxlite could help detect exploitation attempts.
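
As an added example (not code from the advisory or from the Boxlite project), the following Python check reads the entries of a single layer tarball without extracting it and flags symlink or hardlink entries whose target leaves the layer root, as well as any later entry that would be written through such a link, which is the pattern that turns an absolute symlink into an arbitrary file write. The sample layer, its entry names and the helper names are constructed for this example.

```python
import io
import posixpath
import tarfile


def _escapes(target: str, link_dir: str) -> bool:
    """True if a link target resolves outside the layer root."""
    if target.startswith("/"):
        return True
    resolved = posixpath.normpath(posixpath.join(link_dir, target))
    return resolved == ".." or resolved.startswith("../")


def find_unsafe_entries(layer: bytes):
    """Scan one OCI layer tar (as bytes) without extracting it.
    Returns [(member_name, reason)] for entries that could reach outside the root."""
    findings = []
    links = {}  # normalised link name -> target, for links seen so far in this layer
    with tarfile.open(fileobj=io.BytesIO(layer), mode="r:*") as tf:
        for m in tf:
            name = posixpath.normpath(m.name)
            if name.startswith("/") or name == ".." or name.startswith("../"):
                findings.append((m.name, "entry path escapes root"))
                continue
            if m.issym() or m.islnk():
                # symlink targets are relative to the link's directory,
                # hardlink targets are archive member names (relative to the root)
                link_dir = posixpath.dirname(name) if m.issym() else ""
                if _escapes(m.linkname, link_dir):
                    findings.append((m.name, f"link target escapes root: {m.linkname}"))
                links[name] = m.linkname
            # an entry placed beneath an earlier escaping link becomes a write
            # outside the root when the extractor follows that link
            parent = posixpath.dirname(name)
            while parent and parent != ".":
                if parent in links and _escapes(links[parent], posixpath.dirname(parent)):
                    findings.append((m.name, f"written through link {parent} -> {links[parent]}"))
                    break
                parent = posixpath.dirname(parent)
    return findings


def build_sample_layer() -> bytes:
    """Constructed sample layer: a benign relative symlink, an absolute symlink,
    and a regular file placed beneath the absolute symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add(name, typ, link="", data=b""):
            ti = tarfile.TarInfo(name)
            ti.type, ti.linkname, ti.size = typ, link, len(data)
            tf.addfile(ti, io.BytesIO(data) if data else None)
        add("usr/bin/sh", tarfile.SYMTYPE, link="../lib/busybox")  # stays inside the root
        add("etc", tarfile.SYMTYPE, link="/etc")                    # absolute target
        add("etc/motd", tarfile.REGTYPE, data=b"hello\n")          # lands on the host /etc
    return buf.getvalue()
```

Run the scan over each layer blob listed in the image manifest before the image is loaded; any finding is a reason to reject the image rather than extract it.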

Executive Summary

Boxlite is a sandbox service that allows users to create lightweight virtual machines and run OCI containers to execute untrusted code. Before version 0.9.0, Boxlite did not properly handle symbolic links in OCI image tar entries that pointed to absolute paths. An attacker can create a malicious OCI image with such symlinks and distribute it on platforms like DockerHub. When a user loads this malicious image, the attacker can write arbitrary content to any location on the host system.

This vulnerability can lead to remote code execution on the host machine because the attacker can manipulate files outside the sandbox environment.

Impact Analysis

This vulnerability can have severe impacts including unauthorized modification of files on the host system, potentially leading to remote code execution. An attacker exploiting this flaw can gain control over the host machine, compromising its integrity, confidentiality, and availability.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Boxlite to version 0.9.0 or later, where the issue has been patched.

Avoid using untrusted OCI images from public image hosting platforms such as DockerHub until you have verified their safety.

Compliance Impact

This vulnerability allows an attacker to write arbitrary content to any path on the host and potentially execute remote code. Such unauthorized access and control over host systems can lead to data breaches, unauthorized data modification, and loss of system integrity.

Consequently, this can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data, prevention of unauthorized access, and maintaining system security to safeguard personal and health information.

Organizations using vulnerable versions of Boxlite may face increased risk of non-compliance due to potential data exposure or system compromise resulting from this vulnerability.
