PT-2026-42210 · Boxlite · Blox Lite

Published

2026-05-16

·

Updated

2026-06-11

·

CVE-2026-46703

CVSS v3.1

10

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Boxlite versions prior to 0.9.0

Description

Boxlite is a sandbox service that lets users create lightweight virtual machines and run OCI containers. The software does not validate symlink targets when extracting OCI image layer tarballs. Specifically, the extract_layer_tarball_streaming() function passes entries to apply_oci_layer(), which creates symlinks via create_symlink() without checking that the target path stays within the extraction root. In addition, ensure_parent_dirs() explicitly preserves symlinks that point to directories, and create_regular_file() opens the destination with OpenOptions::open(), which follows such symlinks by default.

An attacker can craft a malicious OCI image containing a symlink whose target is an absolute path on the host (for example, a symlink named escape pointing to /tmp). When a user loads this image, subsequent file entries whose paths resolve through that symlink let the attacker write arbitrary content to any path on the host filesystem. Since the service often runs with root privileges on Linux, this can lead to remote code execution, for example by writing an attacker-controlled public key into the host's authorized_keys file.

Recommendations

Update to version 0.9.0, which introduces a SafeRoot handle built on openat2(RESOLVE_IN_ROOT) on Linux so that no tar entry can resolve outside the extraction root.
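The escape described above, and the RESOLVE_IN_ROOT style of resolution that closes it, as an added Rust example written for this page (it is not Boxlite's code): a toy layer extractor in the vulnerable shape next to a hardened one. The names Entry, apply_layer_vulnerable, resolve_in_root, apply_layer_hardened and demo are this example's own. The hardened version emulates openat2(RESOLVE_IN_ROOT) in userland with lstat-style lookups rather than calling openat2 (which would need the libc crate); the layer contents, the attacker key and the temp-directory paths are constructed.

```rust
use std::ffi::OsString;
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::symlink;
use std::path::{Path, PathBuf};

/// Minimal stand-in for an OCI layer tar entry (constructed for this example).
#[derive(Debug, Clone)]
pub enum Entry {
    Symlink { path: String, target: String },
    File { path: String, data: Vec<u8> },
}

/// Vulnerable shape, as in the advisory: the symlink target is not validated, a
/// parent that is a symlink to a directory is kept, and OpenOptions::open()
/// follows it, so the write lands wherever the link points.
pub fn apply_layer_vulnerable(root: &Path, entries: &[Entry]) -> io::Result<()> {
    for e in entries {
        match e {
            Entry::Symlink { path, target } => {
                let link = root.join(path);
                fs::create_dir_all(link.parent().unwrap_or(root))?;
                symlink(target, &link)?; // target may be absolute, e.g. /tmp
            }
            Entry::File { path, data } => {
                let dst = root.join(path);
                // create_dir_all is satisfied by an existing symlink to a directory.
                fs::create_dir_all(dst.parent().unwrap_or(root))?;
                OpenOptions::new().create(true).write(true).truncate(true)
                    .open(&dst)? // follows the symlinked parent out of root
                    .write_all(data)?;
            }
        }
    }
    Ok(())
}

/// Userland approximation of openat2(RESOLVE_IN_ROOT): walk `rel` beneath
/// `root` with lstat semantics, follow symlinks, but treat `root` as "/" for
/// absolute targets and never let ".." climb above `root`. Trailing components
/// may not exist yet. Unlike the kernel flag this walk is not atomic against a
/// concurrent writer, which is why the real fix uses openat2 (assumption: Linux).
pub fn resolve_in_root(root: &Path, rel: &Path) -> io::Result<PathBuf> {
    let mut pending: Vec<OsString> =
        rel.components().rev().map(|c| c.as_os_str().to_owned()).collect();
    let mut cur = root.to_path_buf();
    let mut hops = 0;
    while let Some(c) = pending.pop() {
        if c == "/" {
            cur = root.to_path_buf(); // absolute link target: rebase onto root
        } else if c == "." {
            continue;
        } else if c == ".." {
            if cur.as_path() != root { cur.pop(); } // clamp at root
        } else {
            let candidate = cur.join(&c);
            match fs::symlink_metadata(&candidate) {
                Ok(m) if m.file_type().is_symlink() => {
                    hops += 1;
                    if hops > 40 {
                        return Err(io::Error::new(io::ErrorKind::Other, "too many symlinks"));
                    }
                    // Splice the link target in front of the remaining components.
                    for tc in fs::read_link(&candidate)?.components().rev() {
                        pending.push(tc.as_os_str().to_owned());
                    }
                }
                Ok(_) => cur = candidate,
                Err(e) if e.kind() == io::ErrorKind::NotFound => cur = candidate,
                Err(e) => return Err(e),
            }
        }
    }
    Ok(cur)
}

/// Resolve and create an entry's parent directory inside `root`; return it
/// with the entry's final component.
fn resolve_parent(root: &Path, rel: &str) -> io::Result<(PathBuf, OsString)> {
    let p = Path::new(rel);
    let name = p.file_name()
        .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "entry has no file name"))?
        .to_owned();
    let dir = resolve_in_root(root, p.parent().unwrap_or(Path::new("")))?;
    fs::create_dir_all(&dir)?;
    Ok((dir, name))
}

/// Hardened shape: every lookup goes through resolve_in_root, so a symlink to an
/// absolute host path is rebased under the extraction root instead of escaping.
pub fn apply_layer_hardened(root: &Path, entries: &[Entry]) -> io::Result<()> {
    for e in entries {
        match e {
            Entry::Symlink { path, target } => {
                let (dir, name) = resolve_parent(root, path)?;
                symlink(target, dir.join(name))?; // stored verbatim, never followed out of root
            }
            Entry::File { path, data } => {
                let (dir, name) = resolve_parent(root, path)?;
                let dst = dir.join(name);
                if fs::symlink_metadata(&dst).map(|m| m.file_type().is_symlink()).unwrap_or(false) {
                    fs::remove_file(&dst)?; // never write through a symlink in the last component
                }
                OpenOptions::new().create(true).write(true).truncate(true).open(&dst)?.write_all(data)?;
            }
        }
    }
    Ok(())
}

/// Runs both extractors on a layer shaped like the advisory's attack (symlink to
/// an absolute path, then a file written through it) and reports whether the
/// file landed outside each root. All paths are constructed under the temp dir.
pub fn demo() -> io::Result<(bool, bool)> {
    let base = std::env::temp_dir().join(format!("boxlite_symlink_demo_{}", std::process::id()));
    let _ = fs::remove_dir_all(&base);
    let outside = base.join("host_ssh_dir"); // stands in for the host's ~/.ssh
    fs::create_dir_all(&outside)?;
    let layer = vec![
        Entry::Symlink { path: "escape".into(), target: outside.to_string_lossy().into_owned() },
        Entry::File { path: "escape/authorized_keys".into(), data: b"ssh-ed25519 AAAA... attacker (constructed)\n".to_vec() },
    ];
    let marker = outside.join("authorized_keys");
    let root_v = base.join("extract_vulnerable");
    fs::create_dir_all(&root_v)?;
    apply_layer_vulnerable(&root_v, &layer)?;
    let vulnerable_escaped = marker.exists();
    let _ = fs::remove_file(&marker);
    let root_h = base.join("extract_hardened");
    fs::create_dir_all(&root_h)?;
    apply_layer_hardened(&root_h, &layer)?;
    let hardened_escaped = marker.exists();
    let _ = fs::remove_dir_all(&base);
    Ok((vulnerable_escaped, hardened_escaped))
}

fn main() -> io::Result<()> {
    let (v, h) = demo()?;
    println!("vulnerable extractor escaped root: {v}\nhardened extractor escaped root: {h}");
    Ok(())
}
```

With the hardened extractor the absolute link target is interpreted relative to the extraction root, so the attacker's file ends up under extract_hardened/tmp/... rather than in the host directory; that is the same rebasing openat2(RESOLVE_IN_ROOT) performs, with the difference that the kernel does it atomically while this walk has a window between lstat and open.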

Exploit

Fix

RCE

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2026-46703
GHSA-F396-4RP4-7V2J
RUSTSEC-2026-0148

Affected Products

Blox Lite