External risk intelligence

Boxlite Container Remount Vulnerability Allows Arbitrary Write Access.

CVE advisorySeverity: CRITICAL (CVSS 10.0)

CVE-2026-46695

A critical vulnerability in the Boxlite sandbox service allows malicious code within a container to gain unauthorized write access to read-only directories by remounting them. This could compromise the integrity of the sandbox environment. The relevance and exposure of this issue should be confirmed.

3Halo Surface Signal

External exposure likelihood

Halo Surface Signal score for CVE-2026-46695

Boxlite is a sandbox service designed to run untrusted code in containers. While the service itself may be deployed as an internet-facing platform to allow users to execute code, the specific vulnerability relates to internal container-to-host privilege escalation or directory access restrictions within the sandbox environment, rather than a direct, public-facing network service vulnerability.

PCI scan relevance

PCI Relevance for CVE-2026-46695

Yes

CVE-2026-46695 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This critical vulnerability in Boxlite allows malicious code to gain arbitrary write access to read-only directories, potentially leading to a PCI scan failure. The issue has been addressed in version 0.9.0.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

This advisory concerns a critical vulnerability in the Boxlite sandbox service, which allows for the execution of untrusted code within containers. The flaw enables malicious code to gain unauthorized write access to directories that should be read-only, potentially impacting the integrity of the sandbox environment. The main concern is confirming relevance and exposure.

Malicious code can write to read-only areas.
It affects how untrusted code is isolated.
Confirm if this sandbox service is in use.

Attack Path

How an attacker could exploit the issue

An attacker could target Boxlite by sending malicious code to a user creating a lightweight virtual machine. If the service runs this code without sufficient restrictions on kernel capabilities, the malicious program could gain unauthorized write access to directories that should be read-only. This could allow the attacker to modify sensitive system files or inject further malicious content.

Malicious code executed within a container.
Container can remount read-only directories.
Arbitrary write access to host directories.

Live Threat

Current exploitation, exposure, and threat context

When Boxlite fails to restrict kernel capabilities inside a container, malicious code could gain write access to directories that should be read-only. This occurs when the container can remount directories in read-write mode, allowing arbitrary modifications to these locations. The exact system data or user data at risk depends on which directories are accessible.

Untrusted code could modify sensitive system files.
Malicious code could exploit directory remounting.
System integrity could be compromised by unauthorized writes.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Security teams and platform owners are likely responsible for Boxlite, a service used to run untrusted code in containers. The first step is to identify all instances of Boxlite, determine their business criticality and network reachability, and assign ownership for remediation. Planning should then focus on upgrading to the patched version or implementing compensating controls.

Platform owners should manage this issue.
Verify all Boxlite deployments and reachability.
Plan upgrade or apply mitigation.

Frequently asked questions

What is Boxlite?

Boxlite is a specialized sandbox service designed to securely execute untrusted code. It achieves this by creating lightweight virtual machines, known as Boxes, which host OCI containers. Developers and organizations use it to provide a controlled environment for running third-party or unknown software without risking the integrity of the underlying host system.

What does CWE-284 mean for CVE-2026-46695?

CWE-284 refers to improper access control. In the context of this vulnerability, it means the Boxlite sandbox fails to enforce necessary restrictions on the container's capabilities. Because of this weakness, the system mistakenly allows code running inside a container to perform actions it should not be permitted to do, such as changing the permissions of read-only directories to gain write access.

How is this container vulnerability triggered?

The vulnerability is triggered when malicious code is executed within a Boxlite container that has not been updated to version 0.9.0. If the container lacks proper kernel capability restrictions, the code can issue commands to remount read-only directories in read-write mode. Notably, simply having the Boxlite service running does not trigger the bug; the code must be actively executed within a container for the unauthorized directory modification to occur.

Is my Boxlite instance at risk?

According to Halo Surface Signal, risk depends on how you have deployed the service. While Boxlite might be exposed to the internet to allow users to submit code, the vulnerability specifically involves internal container-to-host privilege escalation. You should evaluate whether your specific architecture allows untrusted code to interact with sensitive host-level directories, as this increases the potential impact of the flaw.

What should I do if I run Boxlite?

First, perform an inventory to locate all instances of the Boxlite service within your environment. Once identified, prioritize upgrading all deployments to version 0.9.0 or later, as this release includes the necessary patches to restrict kernel capabilities. If an immediate upgrade is not feasible, investigate isolating those specific sandbox instances from sensitive host system resources until the update can be applied.

References

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.