Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (VulnCheck) · only source for this CVE.
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit overly permissive environment variable allowlisting in repo-local Crabbox configuration to serialize sensitive environment variables into remote command execution, exposing credentials to the remote environment.
AnalysisAI
Crabbox versions before 0.12.0 leak local secrets through environment variable forwarding during remote command execution. When users run commands against malicious or compromised repositories, attackers exploit overly permissive environment variable allowlisting in repository-local configuration files to exfiltrate API tokens, cloud credentials, and broker tokens into the remote execution environment. The vendor released v0.12.0 on May 12, 2026 with fixes including --allow-env explicit allowlisting and --env-from-profile for safer secret forwarding. No public exploit identified at time of analysis, though the attack surface is straightforward for attackers controlling repository configuration.
Technical ContextAI
Crabbox is a remote development environment orchestration tool that provisions ephemeral compute leases (AWS, Azure, Proxmox, Tensorlake sandboxes) and executes commands remotely. The vulnerability stems from CWE-94 (Improper Control of Generation of Code / Code Injection) where repo-local .crabbox configuration files can define environment variable allowlists that Crabbox honors during crabbox run command execution. Prior to v0.12.0, attackers controlling a repository's Crabbox configuration could specify overly broad environment patterns (e.g., ALLOW_ENV=* or targeting common secret variable names like AWS_ACCESS_KEY_ID, GITHUB_TOKEN, NPM_TOKEN) that serialize the developer's local shell environment into the remote execution context. This differs from classic RCE in that the attacker doesn't inject arbitrary code execution primitives but rather exfiltrates existing secrets by manipulating the legitimate environment forwarding mechanism. The CVSS 4.0 vector shows network attack vector with low complexity, no privileges required, and high confidentiality/integrity impact to the vulnerable system (the developer's local environment) with no impact to subsequent systems (remote environment remains uncompromised beyond credential exposure).
RemediationAI
Upgrade to Crabbox v0.12.0 or later immediately (released May 12, 2026, commit eaae40ae4ce009e60633f16f7f19600c74557f6f). The patch replaces configuration-file-driven environment allowlisting with explicit command-line flags: --allow-env <name> for individual variables and --env-from-profile <file> for controlled secret forwarding with redaction in logs. Migration requires code review of all .crabbox configuration files in repositories to remove environment allowlist directives and transition to explicit CLI flags in CI/CD pipelines and developer workflows. For organizations unable to upgrade immediately, implement compensating controls: (1) Audit all .crabbox configuration files in repositories for environment variable allowlist directives and remove or restrict to non-sensitive variables only; (2) Use dedicated service accounts with minimal scoped credentials in environments where Crabbox runs, avoiding developer personal tokens; (3) Implement CRABBOX_DENY_ENV pattern matching to block known secret variable patterns like *_TOKEN, *_KEY, *_SECRET, AWS_*, GITHUB_* at the shell wrapper level before invoking Crabbox. Note that compensating controls are fragile as attackers controlling configuration can potentially override deny patterns. Organizations should prioritize upgrade over workarounds. Advisory references: https://github.com/openclaw/crabbox/pull/78 and https://www.vulncheck.com/advisories/crabbox-environment-variable-information-disclosure.
Authentication bypass in Crabbox versions prior to v0.12.0 allows authenticated attackers with shared-token access to im
Privilege escalation in Crabbox versions prior to v0.12.0 allows authenticated users with visibility-only permissions to
Authentication bypass in Crabbox coordinator allows privilege escalation to full admin access. Attackers holding valid l
Path traversal in Crabbox <0.9.0 allows local attackers to delete or overwrite arbitrary files via malicious .crabbox.ya
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30418
GHSA-fm77-94qm-4894