Skip to main content

Crabbox CVE-2026-8634

| EUVDEUVD-2026-30418 CRITICAL
Code Injection (CWE-94)
2026-05-14 VulnCheck GHSA-fm77-94qm-4894
9.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
May 14, 2026 - 20:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 14, 2026 - 20:22 vuln.today
cvss_changed
CVSS changed
May 14, 2026 - 20:22 NVD
9.1 (CRITICAL) 9.3 (CRITICAL)
Source Code Evidence Fetched
May 14, 2026 - 19:47 vuln.today
Analysis Generated
May 14, 2026 - 19:47 vuln.today
CVE Published
May 14, 2026 - 19:18 nvd
CRITICAL 9.1

DescriptionCVE.org

Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit overly permissive environment variable allowlisting in repo-local Crabbox configuration to serialize sensitive environment variables into remote command execution, exposing credentials to the remote environment.

AnalysisAI

Crabbox versions before 0.12.0 leak local secrets through environment variable forwarding during remote command execution. When users run commands against malicious or compromised repositories, attackers exploit overly permissive environment variable allowlisting in repository-local configuration files to exfiltrate API tokens, cloud credentials, and broker tokens into the remote execution environment. The vendor released v0.12.0 on May 12, 2026 with fixes including --allow-env explicit allowlisting and --env-from-profile for safer secret forwarding. No public exploit identified at time of analysis, though the attack surface is straightforward for attackers controlling repository configuration.

Technical ContextAI

Crabbox is a remote development environment orchestration tool that provisions ephemeral compute leases (AWS, Azure, Proxmox, Tensorlake sandboxes) and executes commands remotely. The vulnerability stems from CWE-94 (Improper Control of Generation of Code / Code Injection) where repo-local .crabbox configuration files can define environment variable allowlists that Crabbox honors during crabbox run command execution. Prior to v0.12.0, attackers controlling a repository's Crabbox configuration could specify overly broad environment patterns (e.g., ALLOW_ENV=* or targeting common secret variable names like AWS_ACCESS_KEY_ID, GITHUB_TOKEN, NPM_TOKEN) that serialize the developer's local shell environment into the remote execution context. This differs from classic RCE in that the attacker doesn't inject arbitrary code execution primitives but rather exfiltrates existing secrets by manipulating the legitimate environment forwarding mechanism. The CVSS 4.0 vector shows network attack vector with low complexity, no privileges required, and high confidentiality/integrity impact to the vulnerable system (the developer's local environment) with no impact to subsequent systems (remote environment remains uncompromised beyond credential exposure).

RemediationAI

Upgrade to Crabbox v0.12.0 or later immediately (released May 12, 2026, commit eaae40ae4ce009e60633f16f7f19600c74557f6f). The patch replaces configuration-file-driven environment allowlisting with explicit command-line flags: --allow-env <name> for individual variables and --env-from-profile <file> for controlled secret forwarding with redaction in logs. Migration requires code review of all .crabbox configuration files in repositories to remove environment allowlist directives and transition to explicit CLI flags in CI/CD pipelines and developer workflows. For organizations unable to upgrade immediately, implement compensating controls: (1) Audit all .crabbox configuration files in repositories for environment variable allowlist directives and remove or restrict to non-sensitive variables only; (2) Use dedicated service accounts with minimal scoped credentials in environments where Crabbox runs, avoiding developer personal tokens; (3) Implement CRABBOX_DENY_ENV pattern matching to block known secret variable patterns like *_TOKEN, *_KEY, *_SECRET, AWS_*, GITHUB_* at the shell wrapper level before invoking Crabbox. Note that compensating controls are fragile as attackers controlling configuration can potentially override deny patterns. Organizations should prioritize upgrade over workarounds. Advisory references: https://github.com/openclaw/crabbox/pull/78 and https://www.vulncheck.com/advisories/crabbox-environment-variable-information-disclosure.

Share

CVE-2026-8634 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy