Boxlite

Boxlite, a sandbox service, allows malicious code within a container to bypass read-only restrictions on mounted host directories using virtiofs, due to missing hypervisor-level enforcement and unrestricted kernel capabilities, leading to potential code execution on the host and supply chain risks.