Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (VulnCheck) · only source for this CVE.
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with traversal sequences to cause arbitrary file deletion and overwrite when sync.delete is enabled, as the workspace preparation logic executes rm -rf and mkdir -p operations on the resolved path without proper validation.
AnalysisAI
Path traversal in Crabbox <0.9.0 allows local attackers to delete or overwrite arbitrary files via malicious .crabbox.yaml configuration. When a user executes Crabbox commands with a crafted workspace configuration containing directory traversal sequences (e.g., '../../../'), the Islo provider performs rm -rf and mkdir -p on attacker-controlled paths outside /workspace. Patch available in v0.9.0 (commit 6b07193). No KEV listing or public POC identified, but exploitation requires only user interaction (opening/running a malicious project), not authentication or special privileges.
Technical ContextAI
Crabbox is a multi-provider sandbox/ephemeral environment orchestration tool (supporting Islo, E2B, Semaphore, Sprites, and other providers). The vulnerability exists in the Islo provider's workspace path resolution logic that prepares sandbox environments. CWE-22 (Path Traversal) occurs because user-controlled workspace paths from .crabbox.yaml or crabbox.yaml files are passed directly to filesystem operations without canonicalization or containment checks. The sync.delete feature exacerbates impact by invoking rm -rf on the unsanitized path, enabling arbitrary file deletion. The fix (commit 6b07193) implements workdir containment validation that rejects absolute paths and parent-directory escapes before sandbox creation.
RemediationAI
Upgrade to Crabbox v0.9.0 or later from https://github.com/openclaw/crabbox/releases/tag/v0.9.0, which implements workdir containment validation per commit 6b07193fb5670aac315ea47215651c67b8127868. Organizations unable to upgrade immediately should disable sync.delete in Islo provider configurations to prevent arbitrary file deletion, though file overwrite via mkdir -p remains possible - this is a partial mitigation with limited protection. Review and sanitize all .crabbox.yaml and crabbox.yaml files from untrusted sources before execution, treating them as executable code rather than benign configuration. Implement mandatory code review for any workspace configuration files in shared repositories, and consider filesystem sandboxing or container isolation for Crabbox execution environments to limit blast radius of path traversal.
Crabbox versions before 0.12.0 leak local secrets through environment variable forwarding during remote command executio
Authentication bypass in Crabbox versions prior to v0.12.0 allows authenticated attackers with shared-token access to im
Privilege escalation in Crabbox versions prior to v0.12.0 allows authenticated users with visibility-only permissions to
Authentication bypass in Crabbox coordinator allows privilege escalation to full admin access. Attackers holding valid l
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29198
GHSA-3cjv-h753-qf7h