{"id":"RUSTSEC-2026-0148","summary":"OCI layer symlink escape → arbitrary host write","details":"Affected versions of `boxlite` extract OCI image layer tarballs without\nfully containing path resolution to the extraction root. A crafted layer\ncontaining a symlink whose target is an absolute on-host path (e.g.\n`escape -\u003e /tmp`) followed by a file entry that resolves through that\nsymlink (e.g. `escape/\u003cpath\u003e/pwned.txt`) caused the extractor to write\nthe payload to the host filesystem outside the intended rootfs directory.\n\nThe fix in v0.9.0 routes every destructive filesystem operation through a\n`SafeRoot` handle (`openat2(RESOLVE_IN_ROOT)` on Linux, lexical fallback\nelsewhere) so that no tar entry can resolve outside the extraction root,\neven with adversarial symlinks placed by earlier entries in the same\nlayer.\n\nThis is a container-escape during image extraction, exploitable by any\nuser who pulls or loads a malicious OCI image — including via\n`SimpleBox(rootfs_path=...)` from an untrusted local layout.","aliases":["CVE-2026-46703","GHSA-f396-4rp4-7v2j"],"modified":"2026-05-20T10:15:04.018246806Z","published":"2026-05-16T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/boxlite"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2026-0148.html"},{"type":"ADVISORY","url":"https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-f396-4rp4-7v2j"},{"type":"WEB","url":"https://github.com/boxlite-ai/boxlite/pull/429"},{"type":"WEB","url":"https://github.com/boxlite-ai/boxlite/pull/446"},{"type":"WEB","url":"https://github.com/boxlite-ai/boxlite/pull/461"}],"affected":[{"package":{"name":"boxlite","ecosystem":"crates.io","purl":"pkg:cargo/boxlite"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.9.0"}]}],"ecosystem_specific":{"affects":{"arch":[],"os":[],"functions":[]},"affected_functions":null},"database_specific":{"cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0148.json","categories":["privilege-escalation","file-disclosure"]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}