Lucene search
46 matches found

vulnersOsv
added 2026/05/29 9:45 p.m., 7 views

airalogy-engine (=0.0.2) potentially affected by CVE-2026-47213 via boxlite (=0.8.2)

boxlite PYPI version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on boxlite and may be impacted:
- airalogy-engine =0.0.2
Source cves: CVE-2026-47213
Source advisory: OSV:GHSA-XJHV-PP2R-6F82...

AI score 5.5, EPSS 0.00417, Exploits 0

OSV
added 2026/05/29 9:45 p.m., 8 views

GHSA-XJHV-PP2R-6F82 BoxLite has a Timeout Bypass Vulnerability

Summary: BoxLite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. BoxLite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, BoxLite sends a signal to kill the...

CVSS 6.5, AI score 5.8, EPSS 0.00417, Exploits 0, References 4

Github Security Blog
added 2026/05/29 9:45 p.m., 19 views

BoxLite has a Timeout Bypass Vulnerability

Summary: BoxLite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. BoxLite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, BoxLite sends a signal to kill the...

CVSS 6.5, AI score 5.8, EPSS 0.00417, Exploits 0, References 4, Affected Software 1

Positive Technologies
added 2026/05/29 12:0 a.m., 9 views

PT-2026-45035

Name of the Vulnerable Software and Affected Versions: Boxlite versions 0.8.2 and earlier
Description: Boxlite is a sandbox service that enables the creation of lightweight virtual machines to run untrusted code within OCI containers. The service allows users to configure a timeout for processes...

CVSS 6.5, AI score 5.6, EPSS 0.00417, Exploits 0, References 6

vulnersOsv
added 2026/05/21 9:54 p.m., 3 views

airalogy-engine (=0.0.2) potentially affected by CVE-2026-46703 via boxlite (=0.8.2)

boxlite PYPI version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on boxlite and may be impacted:
- airalogy-engine =0.0.2
Source cves: CVE-2026-46703
Source advisory: OSV:GHSA-F396-4RP4-7V2J...

AI score 5.4, EPSS 0.00482, Exploits 0

vulnersOsv
added 2026/05/21 9:54 p.m., 4 views

@airalogy/airalogy-engine (>=0.0.1 <=0.0.2) potentially affected by CVE-2026-46703 via @boxlite-ai/boxlite (=0.8.2)

@boxlite-ai/boxlite NPM version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on @boxlite-ai/boxlite and may be impacted:
- @airalogy/airalogy-engine =0.0.1, =0.0.2
Source cves: CVE-2026-46703
Source advisory: OSV:GHSA-F396-4RP4-7V2J...

AI score 5.4, EPSS 0.00482, Exploits 0

Github Security Blog
added 2026/05/21 9:54 p.m., 13 views

Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host

Summary: Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...

CVSS 9.6, AI score 6.6, EPSS 0.00482, Exploits 0, References 5, Affected Software 4

OSV
added 2026/05/21 9:52 p.m., 12 views

GHSA-G6WW-W5J2-R7X3 BoxLite: Permission Bypass Allows Modification of Read-Only Files

Summary: Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode readonly=True into the V...

CVSS 10, AI score 6.3, EPSS 0.00289, Exploits 0, References 6

vulnersOsv
added 2026/05/21 9:52 p.m., 3 views

airalogy-engine (=0.0.2) potentially affected by CVE-2026-46695 via boxlite (=0.8.2)

boxlite PYPI version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on boxlite and may be impacted:
- airalogy-engine =0.0.2
Source cves: CVE-2026-46695
Source advisory: OSV:GHSA-G6WW-W5J2-R7X3...

AI score 5.4, EPSS 0.00289, Exploits 0

Github Security Blog
added 2026/05/21 9:52 p.m., 16 views

BoxLite: Permission Bypass Allows Modification of Read-Only Files

Summary: Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode readonly=True into the V...

CVSS 10, AI score 6.2, EPSS 0.00289, Exploits 0, References 6, Affected Software 4

vulnersOsv
added 2026/05/21 9:52 p.m., 3 views

@airalogy/airalogy-engine (>=0.0.1 <=0.0.2) potentially affected by CVE-2026-46695 via @boxlite-ai/boxlite (=0.8.2)

@boxlite-ai/boxlite NPM version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on @boxlite-ai/boxlite and may be impacted:
- @airalogy/airalogy-engine =0.0.1, =0.0.2
Source cves: CVE-2026-46695
Source advisory: OSV:GHSA-G6WW-W5J2-R7X3...

AI score 5.4, EPSS 0.00289, Exploits 0

Positive Technologies
added 2026/05/21 12:0 a.m., 12 views

PT-2026-42624

Summary: Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode read only=True into the ...

CVSS 10, AI score 6.2, Exploits 0, References 5

Circl
added 2026/05/19 1:11 p.m., 7 views

CVE-2026-47213

creationtimestamp | type | source
---|---|---
2026-05-19 13:11:58+00:00 | published-proof-of-concept | https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-xjhv-pp2r-6f82
2026-06-11 02:00:05+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mny4w26ina2i...

CVSS 6.5, AI score 5.3, EPSS 0.00417, Exploits 0, References 2

OSV
added 2026/05/16 12:0 p.m., 10 views

RUSTSEC-2026-0147 Read-only volume remount bypass via guest CAP_SYS_ADMIN

Affected versions of boxlite mount host directories shared via virtiofs as guest-side read-only by setting MS_RDONLY from the guest. Because the default guest capability set included CAP_SYS_ADMIN, untrusted code running inside a sandbox could execute mount -o remount,rw to re-flag the share as...

CVSS 10, AI score 5.9, EPSS 0.00289, Exploits 0, References 4

Circl
added 2026/05/16 9:54 a.m., 14 views

CVE-2026-46695

creationtimestamp | type | source
---|---|---
2026-05-16 09:54:51+00:00 | published-proof-of-concept | https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-g6ww-w5j2-r7x3
2026-06-11 00:00:39+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mnxwahnqhu2e
2026-06-11 01:00:59+00:0...

CVSS 10, AI score 4.9, EPSS 0.00289, Exploits 0, References 5

vulnersOsv
added 2026/05/16 12:0 a.m., 5 views

airalogy-engine (=0.0.2) potentially affected by CVE-2026-46695 via boxlite (=0.8.2)

boxlite PYPI version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on boxlite and may be impacted:
- airalogy-engine =0.0.2
Source cves: CVE-2026-46695
Source advisory: SNYK:PYTHON-BOXLITE-16787350...

AI score 5.4, EPSS 0.00289, Exploits 0

vulnersOsv
added 2026/05/16 12:0 a.m., 6 views

@airalogy/airalogy-engine (>=0.0.1 <=0.0.2) potentially affected by CVE-2026-46695 via @boxlite-ai/boxlite (=0.8.2)

@boxlite-ai/boxlite NPM version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on @boxlite-ai/boxlite and may be impacted:
- @airalogy/airalogy-engine =0.0.1, =0.0.2
Source cves: CVE-2026-46695
Source advisory: SNYK:JS-BOXLITEAIBOXLITE-16787353...

AI score 5.4, EPSS 0.00289, Exploits 0

Snyk
added 2026/05/16 12:0 a.m., 7 views

Symlink Attack

Overview: @boxlite-ai/boxlite is a BoxLite - Embeddable micro-VM runtime for secure, isolated code execution
Affected versions of this package are vulnerable to Symlink Attack via improper path resolution during extraction of OCI image layer tarballs. An attacker can write arbitrary files to...

CVSS 9.6, AI score 6, EPSS 0.00482, Exploits 0, References 2

vulnersOsv
added 2026/05/16 12:0 a.m., 3 views

@airalogy/airalogy-engine (>=0.0.1 <=0.0.2) potentially affected by CVE-2026-46703 via @boxlite-ai/boxlite (=0.8.2)

@boxlite-ai/boxlite NPM version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on @boxlite-ai/boxlite and may be impacted:
- @airalogy/airalogy-engine =0.0.1, =0.0.2
Source cves: CVE-2026-46703
Source advisory: SNYK:JS-BOXLITEAIBOXLITE-16787373...

AI score 5.4, EPSS 0.00482, Exploits 0

Positive Technologies
added 2026/05/16 12:0 a.m., 10 views

PT-2026-42210

Name of the Vulnerable Software and Affected Versions: Boxlite versions prior to 0.9.0
Description: Boxlite is a sandbox service that allows users to create lightweight virtual machines and run OCI containers. The software fails to properly validate symlink targets when extracting OCI image layer...

CVSS 9.6, AI score 6.2, EPSS 0.00482, Exploits 0, References 14