CVE-2026-8629— Crabbox < v0.12.0 Privilege Escalation via Agent Ticket Endpoints
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-8629
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Crabbox < v0.12.0 Privilege Escalation via Agent Ticket Endpoints
Source: NVD (National Vulnerability Database)
Vulnerability Description
Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. Attackers can exploit insufficient access control checks on the /v1/leases/:id/code/ticket, /v1/leases/:id/webvnc/ticket, and /v1/leases/:id/egress/ticket endpoints to obtain bridge-agent tickets and impersonate trusted lease-side bridges despite having only visibility permissions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过用户控制密钥绕过授权机制
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-8629
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 9806 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-8629
请登录查看更多情报信息。
- https://github.com/openclaw/crabbox/pull/71issue-tracking
- https://nvd.nist.gov/vuln/detail/CVE-2026-8629
Same Patch Batch · openclaw · 2026-05-14 · 3 CVEs total
| CVE-2026-8634 | 9.1 CRITICAL | Crabbox < v0.12.0 Environment Variable Information Disclosure |
| CVE-2026-8621 | 8.8 HIGH | Crabbox < v0.12.0 Authentication Bypass via Header Spoofing |
IV. Related Vulnerabilities
Same product: crabbox
Same vendor: openclaw
- CVE-2026-8634
Crabbox < v0.12.0 Environment Variable Information Disclosur - CVE-2026-8621
Crabbox < v0.12.0 Authentication Bypass via Header Spoofing - CVE-2026-45224
Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace R - CVE-2026-45223
Crabbox < 0.9.0 Authentication Bypass via Admin Claim Inject - CVE-2026-45006
OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway To
Same weakness: CWE-639
- CVE-2026-45666
Open WebUI: Indirect Object Reference (IDOR) in user notes - CVE-2026-44570
Open WebUI: Inconsistent authorization controls within memor - CVE-2026-45402
Open WebUI: Cross-User File Access via Unchecked file_id in - CVE-2026-45386
Open WebUI: An IDOR vulnerability exists in the pin_channel_ - CVE-2026-45398
Open WebUI: IDOR - Retrieval API Bypasses Knowledge Base Acc
V. Comments for CVE-2026-8629
No comments yet