SecBoard
Zurück zur CVE-Übersicht

CVE-2026-8621

HIGH(8.8)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Risk Signal Score22/100 — NIEDRIG
  • CVSS 8.8 — Hoch

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

8.8

Technische Schwere

Beschreibung

Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a shared token to bypass authorization checks and access owner/org-scoped lease operations belonging to victim accounts.

GitHub Advisories

GHSA-4g9m-rffv-h6wqHIGH

Crabbox: authentication bypass vulnerability that allows impersonation of others by spoofing identity headers

go/github.com/openclaw/crabbox0.12.0
GitHub Advisory

Referenzen