{"data":{"id":"9e1fbf2e-fda2-4746-8bfb-68b256bb8341","title":"GHSA-g6ww-w5j2-r7x3: BoxLite: Permission Bypass Allows Modification of Read-Only Files","summary":"BoxLite is a sandbox service that runs untrusted code in lightweight virtual machines (VMs, which are isolated computing environments). It claims to protect host files by mounting directories in read-only mode (preventing writes), but that protection is not enforced: BoxLite tells the underlying VM system (libkrun) to mount the directories without actually enforcing the read-only restriction, and it does not limit container capabilities (special permissions), so malicious code running in the sandbox can remount the directories as read-write and modify files that should be protected.","solution":"No mitigation is discussed in the source. The affectedPackages field of this record lists 0.9.0 as the fixed version for every affected package.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-g6ww-w5j2-r7x3","publishedAt":"2026-05-21T21:52:51.000Z","cveId":"CVE-2026-46695","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["boxlite-cli@< 0.9.0 (fixed: 0.9.0)","boxlite@< 0.9.0 (fixed: 0.9.0)","github.com/boxlite-ai/boxlite/sdks/go@< 0.9.0 (fixed: 0.9.0)","@boxlite-ai/boxlite@< 0.9.0 (fixed: 0.9.0)","boxlite@< 0.9.0 (fixed: 0.9.0)"],"affectedVendors":[],"affectedVendorsRaw":["BoxLite"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-21T21:52:51.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}