29 matches found
CVE-2026-46703
Summary of CVE-2026-46703 (Boxlite) : The vulnerability occurs when Boxlite extracts OCI image layer tarballs. A tar entry of type SYMLINK can point to an absolute host path (for example, escape -> /tmp), and subsequent file entries resolve through that symlink, enabling writes outside the ext...
CVE-2026-46703 BoxLite: Path Traversal Vulnerability in boxlite Leads to Arbitrary File Write on the Host
Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in...
GHSA-F396-4RP4-7V2J Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host
Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...
Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host
Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...
PT-2026-42210
Name of the Vulnerable Software and Affected Versions Boxlite versions prior to 0.9.0 Description Boxlite is a sandbox service that allows users to create lightweight virtual machines and run OCI containers. The software fails to properly validate symlink targets when extracting OCI image layer...
CVE-2026-28459
OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...
GO-2026-4357 Incus container image templating arbitrary host file read and write in github.com/lxc/incus
Incus container image templating arbitrary host file read and write in github.com/lxc/incus...
PT-2026-6517
Incus container image templating arbitrary host file read and write in github.com/lxc/incus...
SUSE CVE-2026-23954
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the 'incus' group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...
CVE-2026-23954
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...
CVE-2026-23954
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...
CVE-2026-23954
Incus CVE-2026-23954 affects versions 6.21.0 and below. The issue arises when launching a container with a custom image (e.g., incus group member) using templating in metadata.yaml, where directory traversal or symbolic links in source/target paths are not checked, enabling host arbitrary file re...
EUVD-2026-3803
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...
CVE-2026-23954 Incus container image templating arbitrary host file read and write
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...
CVE-2026-23954
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...
CVE-2026-23954 Incus container image templating arbitrary host file read and write
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...
CVE-2026-23954
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...
GHSA-7F67-CRQM-JGH7 Incus container image templating arbitrary host file read and write
Summary A user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group can use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write, ultimately resulting in arbitrary command...
Incus container image templating arbitrary host file read and write
Summary A user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group can use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write, ultimately resulting in arbitrary command...
PT-2026-4295
Name of the Vulnerable Software and Affected Versions Incus versions 6.21.0 and below IncusOS affected versions not specified Description Incus is a system container and virtual machine manager. A flaw exists where a user capable of launching containers with custom images e.g., a member of the...