Openclaw Crabbox
5 CVEs affecting Openclaw Crabbox. Latest disclosed: 2026-05-14. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-8634 | Critical | 9.1 | 2026-05-14 | Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to… |
CVE-2026-8621 | High | 8.8 | 2026-05-14 | Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organization… |
CVE-2026-45223 | High | 8.8 | 2026-05-11 | Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails… |
CVE-2026-8629 | High | 8.1 | 2026-05-14 | Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress… |
CVE-2026-45224 | High | 7.1 | 2026-05-11 | Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relat… |