cbcvebase.

Boxlite-Ai Boxlite vulnerabilities

3 known vulnerabilities affecting boxlite-ai/boxlite.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2026-46695P2CRITICALCVSS 10.0fixed in 0.9.02026-06-10
CVE-2026-46695 [CRITICAL] CWE-284 CVE-2026-46695: Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and la Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directory in rw mode, thereby gaining write access to tha
ghsanvd
CVE-2026-46703P2CRITICALCVSS 9.6fixed in 0.9.02026-06-10
CVE-2026-46703 [CRITICAL] CWE-22 CVE-2026-46703: Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and la Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for the possi
ghsanvd
CVE-2026-47213P3MEDIUMCVSS 6.5≤ 0.8.22026-06-10
CVE-2026-47213 [MEDIUM] CWE-404 CVE-2026-47213: Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and la Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, Boxlite sends a signal to kill the process.
ghsanvd
Boxlite-Ai Boxlite vulnerabilities | cvebase