What is CVE-2026-8621?

CVE-2026-8621 is a high-severity vulnerability in Openclaw Crabbox, classified under Improper Authentication. CVSS score: 8.8/10. Published 2026-05-14.

How severe is CVE-2026-8621?

High severity. CVSS v3 base score is 8.8 out of 10.

Auth bypass in Openclaw Crabbox

CVE-2026-8621

Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner a…

Vulnerability class: Broken Authentication

EPSS: 0.001 (23.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Openclaw Crabbox — versions 0, b657323f1d1c954cefc8444571fa6c45a8896e7f

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

disclosure@vulncheck.com (release-notes)
disclosure@vulncheck.com (issue-tracking)
disclosure@vulncheck.com (patch)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-8621?: CVE-2026-8621 is a high-severity vulnerability in Openclaw Crabbox, classified under Improper Authentication. CVSS score: 8.8/10. Published 2026-05-14.
How severe is CVE-2026-8621?: High severity. CVSS v3 base score is 8.8 out of 10.