CVE-2026-46703
OCI layer symlink escape → arbitrary host write
Description
Affected versions of `boxlite` extract OCI image layer tarballs without fully containing path resolution to the extraction root. A crafted layer containing a symlink whose target is an absolute on-host path (e.g. `escape -> /tmp`) followed by a file entry that resolves through that symlink (e.g. `escape/<path>/pwned.txt`) caused the extractor to write the payload to the host filesystem outside the intended rootfs directory. The fix in v0.9.0 routes every destructive filesystem operation through a `SafeRoot` handle (`openat2(RESOLVE_IN_ROOT)` on Linux, lexical fallback elsewhere) so that no tar entry can resolve outside the extraction root, even with adversarial symlinks placed by earlier entries in the same layer. This is a container-escape during image extraction, exploitable by any user who pulls or loads a malicious OCI image — including via `SimpleBox(rootfs_path=...)` from an untrusted local layout.
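The following is an added illustration, not boxlite's own code: a lexical emulation, in Python, of the containment that an `openat2(RESOLVE_IN_ROOT)`-backed extractor provides. It builds a constructed in-memory layer with the two-entry pattern the description names (a symlink whose target is an absolute host path, then a file entry routed through it), then extracts it so that the absolute symlink target is re-anchored at the extraction root and `..` can never climb above it. The function names (`build_layer_with_symlink_escape`, `resolve_in_root`, `extract_layer_contained`, `demo`) and the exact semantics are assumptions for this example; the real `SafeRoot` handle and its fallback are only described on this page, not shown.

```python
import io
import os
import tarfile
import tempfile

# Added example (not boxlite's code): emulate RESOLVE_IN_ROOT lexically.
# Absolute symlink targets restart at the extraction root and ".." stops
# at the root, so no layer entry can address a host path, regardless of
# what earlier entries in the same layer created on disk.


def build_layer_with_symlink_escape() -> bytes:
    """Constructed sample layer (in memory): an absolute symlink first,
    then a regular file whose path routes through that symlink, plus one
    ordinary file for comparison."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("escape")
        link.type = tarfile.SYMTYPE
        link.linkname = "/tmp"            # absolute on-host target
        tar.addfile(link)
        for name, data in (("escape/pwned.txt", b"pwned\n"),
                           ("etc/hello.txt", b"hello\n")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def resolve_in_root(root: str, name: str, max_links: int = 40) -> str:
    """Map a tar member name to an absolute path guaranteed to lie inside
    root. Symlinks already on disk in intermediate components are followed
    the way RESOLVE_IN_ROOT would: absolute targets restart at root,
    relative targets continue from the link's directory, and '..' never
    climbs above root. The final component is not followed, because it is
    the object being created."""
    real_root = os.path.realpath(root)
    cur = real_root
    parts = [p for p in name.split("/") if p not in ("", ".")]
    hops = 0
    while parts:
        comp = parts.pop(0)
        if comp == "..":
            if cur != real_root:
                cur = os.path.dirname(cur)
            continue
        candidate = os.path.join(cur, comp)
        if parts and os.path.islink(candidate):
            hops += 1
            if hops > max_links:
                raise OSError(f"symlink loop while resolving {name!r}")
            target = os.readlink(candidate)
            if target.startswith("/"):
                cur = real_root           # re-anchor instead of escaping
            parts = [p for p in target.split("/") if p not in ("", ".")] + parts
            continue
        cur = candidate
    return cur


def extract_layer_contained(layer: bytes, root: str) -> list:
    """Extract each member through resolve_in_root and return the
    root-relative paths that were actually written, in order."""
    real_root = os.path.realpath(root)
    written = []
    with tarfile.open(fileobj=io.BytesIO(layer), mode="r") as tar:
        for m in tar:
            dest = resolve_in_root(root, m.name)
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            if m.issym() or m.isfile():
                # never write *through* an existing symlink at dest
                if os.path.lexists(dest) and not os.path.isdir(dest):
                    os.remove(dest)
            if m.issym():
                os.symlink(m.linkname, dest)  # link text kept verbatim
            elif m.isdir():
                os.makedirs(dest, exist_ok=True)
            elif m.isfile():
                with open(dest, "wb") as fh:
                    fh.write(tar.extractfile(m).read())
            else:
                continue                  # devices, hard links: not handled
            written.append(os.path.relpath(dest, real_root))
    return written


def demo() -> dict:
    """Run the constructed layer through the contained extractor in a
    scratch directory and report where each entry landed."""
    with tempfile.TemporaryDirectory() as root:
        written = extract_layer_contained(build_layer_with_symlink_escape(), root)
        real_root = os.path.realpath(root)
        return {
            "written": written,
            "payload_inside_root": os.path.isfile(
                os.path.join(real_root, "tmp", "pwned.txt")),
            "dotdot_clamped": resolve_in_root(root, "../../etc/passwd")
            == os.path.join(real_root, "etc", "passwd"),
        }


if __name__ == "__main__":
    print(demo())
```

With re-anchoring, the second entry lands at `<root>/tmp/pwned.txt` rather than on the host's `/tmp`; an extractor that prefers to refuse rather than re-anchor can instead compare `os.path.realpath` of the candidate against the real root and reject anything that does not stay beneath it, which is the lexical-fallback shape the description alludes to.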
How to fix CVE-2026-46703
To remediate CVE-2026-46703, upgrade the affected package to a fixed version below.
- upgrade to 0.9.0 or later
Is CVE-2026-46703 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2026-46703.
Affected packages (6)
- from 0, < 0.9.0
- >= 0.0.0-0, < 0.9.0
- from 0, < 0.9.0
- from 0, < 0.9.0
- from 0, < 0.9.0
- from 0, < 0.9.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |