What is CVE-2026-46695?

CVE-2026-46695 is a critical-severity vulnerability, classified under Improper Access Control. CVSS score: 10.0/10. Published 2026-06-10.

How severe is CVE-2026-46695?

Critical severity. CVSS v3 base score is 10.0 out of 10.

CVE-2026-46695

CVE-2026-46695

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available…

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N.

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

security-advisories@github.com
security-advisories@github.com
security-advisories@github.com

Frequently asked questions

What is CVE-2026-46695?: CVE-2026-46695 is a critical-severity vulnerability, classified under Improper Access Control. CVSS score: 10.0/10. Published 2026-06-10.
How severe is CVE-2026-46695?: Critical severity. CVSS v3 base score is 10.0 out of 10.