{"vulnerability": "CVE-2026-46703", "sightings": [{"uuid": "f1f34b64-67df-4272-a2b4-cade075d8dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46703", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnxzmkp6552n", "content": "\ud83d\udd34 CVE-2026-46703 - Critical (9.6)\n\nBoxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-46703/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-11T01:01:07.026549Z"}, {"uuid": "e3478cff-c98a-46a8-90ba-4ed72f035e71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-46703", "type": "published-proof-of-concept", "source": "https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-f396-4rp4-7v2j", "content": "", "creation_timestamp": "2026-05-16T10:58:07.000000Z"}, {"uuid": "2c8e4d34-3b8b-4a2d-9af6-c801e9fa062c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-46703", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mny3azh3772f", "content": "Boxlite (<0.9.0) CRITICAL flaw: attackers can write files anywhere on host via crafted OCI images \u2014 possible RCE risk. Upgrade to 0.9.0+ ASAP! https://radar.offseq.com/threat/cve-2026-46703-cwe-22-improper-limitation-of-a-pat-fb9f1664 #OffSeq #CVE202646703 #ContainerSecurity", "creation_timestamp": "2026-06-11T01:30:26.869189Z"}, {"uuid": "3114f2f7-b9ee-4f1c-b85c-7149b86dbf2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-46703", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116728884364901430", "content": "\ud83d\udea8 CRITICAL vuln in boxlite-ai Boxlite (<0.9.0): Malicious OCI images can exploit CWE-22 path traversal to write files anywhere on the host, leading to potential RCE. Upgrade to v0.9.0 ASAP. CVE-2026-46703. https://radar.offseq.com/threat/cve-2026-46703-cwe-22-improper-limitation-of-a-pat-fb9f1664 #OffSeq #CVE202646703 #ContainerSecurity", "creation_timestamp": "2026-06-11T07:04:43.279040Z"}, {"uuid": "1e4e4167-2734-4f0c-af23-6dadb2636cef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46703", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnybrfpang2d", "content": "CVE-2026-46703 - BoxLite: Path Traversal Vulnerability in boxlite Leads to Arbitrary File Write on the Host\nCVE ID : CVE-2026-46703\n \n Published : June 10, 2026, 11:16 p.m. | 2\u00a0hours, 48\u00a0minutes ago\n \n Description : Boxlite is a sandbox service that allows users to create ligh...", "creation_timestamp": "2026-06-11T03:26:58.561704Z"}]}