Threats Tagged 'cve-2026-46703'
View all threats tagged with 'cve-2026-46703'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-46703'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-46703: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in boxlite-ai boxliteCVE-2026-46703 0 Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for the possibility that entries may be symlinks pointing to absolute paths. An attacker can craft a malicious OCI image and distribute it on image hosting platforms such as DockerHub, tricking users into using it. Once a user loads the malicious image, the attacker can write arbitrary content to any path on the host, which can further lead to remote code execution on the host. This issue has been patched in version 0.9.0. Join the discussion | CVE Database V5 | 06/10/2026, 22:20:24 UTC Added: 06/10/2026, 22:32:03 UTC |
Showing 1 to 1 of 1 result