PyPI: boxlite
CVE-2026-46695
Safety vulnerability ID: SFTY-20260521-12372
Safety legacy ID: pyup.io-98861
Affected versions of the boxlite package are vulnerable to Improper Access Control because the read_only flag on a shared directory is never propagated to the virtiofs hypervisor configuration. In boxlite/src/vmm/krun/engine.rs the Krun::create() loop logs share.read_only as ro or rw, but then calls ctx.add_virtiofs() with only the share tag and host path; the underlying FFI wrapper in boxlite/src/vmm/krun/context.rs accepts no read-only parameter at all. The only read-only enforcement is an MS_RDONLY mount flag applied inside the guest after the VM starts, and a mount flag set from inside the guest can be cleared from inside the guest: any process that retains CAP_SYS_ADMIN (the capability Linux requires to remount a filesystem) can run the equivalent of mount -o remount,rw on the share. Malicious code executing inside the sandbox can therefore remount a directory advertised as read-only in read-write mode and tamper with host files such as credentials, virtual environments, or user code, which can lead to code execution on the host when those files are later used outside the sandbox.
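The practical check a sandbox operator wants for the condition described above is whether a share that the guest's mount table advertises as ro can be flipped to rw from inside the guest. The script below is an added example, not boxlite code and not part of the advisory: it lists virtiofs mounts that claim to be read-only and, on a live guest, attempts the remount-and-write that the advisory describes. The share tags, mount points and the /proc/mounts sample are constructed for illustration; the probe assumes a POSIX shell with awk and a util-linux or busybox mount inside the guest, and that the caller holds the CAP_SYS_ADMIN needed to remount.

```shell
#!/bin/sh
# Added example, not boxlite code. Run inside a sandbox's guest to check
# whether a share advertised as read-only is enforced below the guest or only
# by a guest-side mount flag. Tags, mount points and the /proc/mounts sample
# below are constructed for illustration.

# Constructed sample of a guest's /proc/mounts (hypothetical shares).
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
workspace /workspace virtiofs ro,relatime 0 0
secrets /run/secrets virtiofs ro,relatime 0 0
scratch /scratch virtiofs rw,relatime 0 0'

# list_ro_virtiofs: read /proc/mounts-format lines on stdin and print
# "<tag> <mountpoint>" for every virtiofs mount whose options include ro.
list_ro_virtiofs() {
    awk '$3 == "virtiofs" && ("," $4 ",") ~ /,ro,/ { print $1, $2 }'
}

# count_ro_shares: number of read-only virtiofs shares in the sample.
count_ro_shares() {
    printf '%s\n' "$SAMPLE_MOUNTS" | list_ro_virtiofs | wc -l | tr -d ' '
}

# probe_remount MOUNTPOINT: try to flip the mount to rw and write a file.
# Needs CAP_SYS_ADMIN in the guest (a root shell in the sandbox has it).
# Returns 0 if the remount or the write is refused (ro is enforced below the
# guest), 1 if the guest could make the share writable (ro is a guest-side
# flag only, the condition the advisory describes). Restores ro afterwards.
probe_remount() {
    mp=$1
    probe="$mp/.ro-probe.$$"
    if mount -o remount,rw "$mp" 2>/dev/null; then
        if : > "$probe" 2>/dev/null; then
            rm -f "$probe"
            mount -o remount,ro "$mp" 2>/dev/null
            echo "NOT ENFORCED: $mp remounted rw and is writable from the guest"
            return 1
        fi
        mount -o remount,ro "$mp" 2>/dev/null
    fi
    echo "enforced: $mp stays read-only"
    return 0
}

# Usage on a live guest: probe every share that claims to be ro.
#   list_ro_virtiofs < /proc/mounts | while read -r tag mp; do probe_remount "$mp"; done
```

The probe distinguishes the two outcomes that matter: a remount that fails with EPERM or EROFS means the restriction is held below the guest's trust boundary, while a remount that succeeds followed by a successful write means the only thing standing between sandboxed code and the host directory was a flag the sandboxed code could clear.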
Overview
BoxLite: Permission Bypass Allows Modification of Read-Only Files
How to Fix
Mitigation and Workarounds
Vulnerable Functions
Functions linked to this vulnerability, as identified in the advisory text above:
- boxlite/src/vmm/krun/engine.rs: Krun::create(), which logs share.read_only but drops it when calling ctx.add_virtiofs() with only the tag and host path
- boxlite/src/vmm/krun/context.rs: the add_virtiofs() FFI wrapper, which accepts no read-only parameter
References
- https://getsafety.com/vulnerabilities/SFTY-20260521-12372/CVE-2026-46695
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46695
- https://github.com/advisories/GHSA-G6WW-W5J2-R7X3
- https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-g6ww-w5j2-r7x3
- https://github.com/boxlite-ai/boxlite/pull/454
- https://rustsec.org/advisories/RUSTSEC-2026-0147.html
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
