Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (VulnCheck) · only source for this CVE.
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin token can craft a user-token payload with admin: true, sign it using HMAC-SHA256, and present it to admin-only coordinator routes to gain full coordinator admin access including lease visibility, pool state management, and forced release operations.
AnalysisAI
Authentication bypass in Crabbox coordinator allows privilege escalation to full admin access. Attackers holding valid low-privilege user tokens can inject an admin claim into the token payload, sign it with HMAC-SHA256, and authenticate to admin-restricted coordinator endpoints. This grants unauthorized access to lease visibility across all users, pool state management, and forced release operations. Patch available in version 0.9.0 with upstream commit confirmed. No active exploitation (CISA KEV) or public POC identified at time of analysis, but CVSS 8.8 reflects network-accessible attack with low complexity once initial authentication is obtained.
Technical ContextAI
Crabbox is an infrastructure coordination service (cpe:2.3:a:openclaw:crabbox) that manages compute leases across multiple providers including E2B, Daytona, Islo, and Namespace. The vulnerability exists in the JWT-style user token verification logic within the coordinator component. CWE-290 (Authentication Bypass by Spoofing) indicates the verifyUserToken() function trusts client-controlled claims without proper validation. In JWT architectures, the standard security model requires the authorization server to be the sole issuer of sensitive claims like admin privileges. This implementation failed to reject or sanitize admin claims in user-supplied token payloads before HMAC-SHA256 signature verification, allowing horizontal privilege escalation. The shared secret used for HMAC signing is apparently accessible to authenticated users, enabling them to forge valid signatures for modified payloads. Affected routes include admin-only coordinator endpoints governing cross-tenant lease visibility, resource pool state mutations, and forced lease termination.
RemediationAI
Upgrade immediately to Crabbox version 0.9.0 or later, which includes the verified fix in commit 46079f6de7f10cf61bc47efebd0c143a41664898 (https://github.com/openclaw/crabbox/commit/46079f6de7f10cf61bc47efebd0c143a41664898). The patch modifies verifyUserToken() to explicitly reject caller-provided admin claims before granting coordinator access, per release notes at https://github.com/openclaw/crabbox/releases/tag/v0.9.0. If immediate upgrade is not feasible, implement network-level access controls restricting coordinator admin endpoints to trusted IP ranges or internal management networks only, though this mitigation does not address insider threats or compromised low-privilege accounts within the trusted perimeter. Rotate all coordinator HMAC signing secrets after patching to invalidate any attacker-forged tokens, though this requires coordination across all legitimate users and may cause service disruption. Audit coordinator access logs for anomalous admin operations from accounts that should not have admin privileges, particularly lease queries spanning multiple tenants, pool state changes, or forced release commands. The trade-off for pre-patch network restrictions is reduced operational flexibility for legitimate remote administration.
Crabbox versions before 0.12.0 leak local secrets through environment variable forwarding during remote command executio
Authentication bypass in Crabbox versions prior to v0.12.0 allows authenticated attackers with shared-token access to im
Privilege escalation in Crabbox versions prior to v0.12.0 allows authenticated users with visibility-only permissions to
Path traversal in Crabbox <0.9.0 allows local attackers to delete or overwrite arbitrary files via malicious .crabbox.ya
Same weakness CWE-290 – Authentication Bypass by Spoofing
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29197
GHSA-27v8-7qqq-m35q