WinBoat: Drive by Client RCE Sandbox escape.

A remote webpage can abuse an unauthenticated guest HTTP API to compromise the Windows guest container, then feed a malicious app entry leading to Linux host code execution on click.