AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-f396-4rp4-7v2j: Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host

criticalvulnerability

security

Source: GitHub Advisory DatabaseMay 21, 2026CVE-2026-46703

Summary

Boxlite, a sandbox service for running containers, has a path traversal vulnerability (a security flaw where attackers can access files outside intended boundaries) in how it extracts container images. When processing tar files (compressed archives), Boxlite doesn't validate symlink targets (shortcuts to files or directories), allowing an attacker to create a malicious container image that writes files anywhere on the host system, potentially leading to remote code execution (running unauthorized commands on the computer).

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Patch Available

Yes

Disclosure Date

May 21, 2026

Classification

Attack Type

Supply Chain

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

Affected Vendors

Affected Packages

github.com/boxlite-ai/boxlite/sdks/go@< 0.9.0 (fixed: 0.9.0)@boxlite-ai/boxlite@< 0.9.0 (fixed: 0.9.0)boxlite@< 0.9.0 (fixed: 0.9.0)boxlite-cli@< 0.9.0 (fixed: 0.9.0)boxlite@< 0.9.0 (fixed: 0.9.0)

Related Issues

medium

CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e

Similar attackNVD/CVE Database

high

Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports

Similar attack

Monthly digest — independent AI security research

Original source: https://github.com/advisories/GHSA-f396-4rp4-7v2j

First tracked: May 21, 2026 at 08:00 PM

Classified by LLM (prompt v3) · confidence: 85%