CVE-2026-45223— Crabbox < 0.9.0 Authentication Bypass via Admin Claim Injection
Possible ATT&CK Techniques 1AI
T1078 · Valid AccountsGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45223
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Crabbox < 0.9.0 Authentication Bypass via Admin Claim Injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin token can craft a user-token payload with admin: true, sign it using HMAC-SHA256, and present it to admin-only coordinator routes to gain full coordinator admin access including lease visibility, pool state management, and forced release operations.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用欺骗进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Crabbox 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Crabbox是openclaw开源的一个远程代码执行与测试环境管理工具。 Crabbox 0.9.0之前版本存在安全漏洞,该漏洞源于协调器用户令牌验证路径中的认证绕过,verifyUserToken函数未能拒绝包含admin声明的有效载荷,可能导致攻击者提升权限。具有共享非管理员令牌访问权限的攻击者可构造包含admin: true的用户令牌有效载荷,使用HMAC-SHA256签名,并将其呈现给仅管理员协调器路由,从而获得完全协调器管理员访问权限,包括租约可见性、池状态管理和强制释放操作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-45223
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45223
请登录查看更多情报信息。
- https://github.com/openclaw/crabbox/pull/64issue-tracking
- https://nvd.nist.gov/vuln/detail/CVE-2026-45223
Same Patch Batch · openclaw · 2026-05-11 · 18 CVEs total
| CVE-2026-45006 | 8.8 HIGH | OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway Tool Denylist Bypass |
| CVE-2026-45004 | 7.8 HIGH | OpenClaw < 2026.4.23 - Arbitrary Code Execution via setup-api.js in Current Working Direct |
| CVE-2026-44995 | 7.3 HIGH | OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables |
| CVE-2026-45001 | 7.1 HIGH | OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access |
| CVE-2026-45224 | 7.1 HIGH | Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace Resolution |
| CVE-2026-45005 | 6.0 MEDIUM | OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invalidated After Rotation |
| CVE-2026-44993 | 5.4 MEDIUM | OpenClaw < 2026.4.20 - Direct Message Misclassification in Feishu Card Actions |
| CVE-2026-44998 | 5.4 MEDIUM | OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools |
| CVE-2026-44999 | 5.3 MEDIUM | OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events |
| CVE-2026-44994 | 5.3 MEDIUM | OpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config Endpoi |
| CVE-2026-45002 | 5.3 MEDIUM | OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping |
| CVE-2026-45000 | 5.0 MEDIUM | OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation |
| CVE-2026-45003 | 5.0 MEDIUM | OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files |
| CVE-2026-44992 | 5.0 MEDIUM | OpenClaw 2026.4.5 < 2026.4.20 - MiniMax API Host Override via Workspace dotenv |
| CVE-2026-44997 | 4.3 MEDIUM | OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions |
| CVE-2026-44991 | 4.2 MEDIUM | OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channe |
| CVE-2026-44996 | 3.7 LOW | OpenClaw < 2026.4.15 - Arbitrary Local File Read via Webchat Audio Embedding |
IV. Related Vulnerabilities
Same product: crabbox
Same vendor: openclaw
- CVE-2026-8634
Crabbox < v0.12.0 Environment Variable Information Disclosur - CVE-2026-8629
Crabbox < v0.12.0 Privilege Escalation via Agent Ticket Endp - CVE-2026-8621
Crabbox < v0.12.0 Authentication Bypass via Header Spoofing - CVE-2026-45224
Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace R - CVE-2026-45006
OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway To
Same weakness: CWE-290
- CVE-2026-46356
Fleet: IP spoofing allows bypassing API rate limiting - CVE-2026-24899
Fleet Windows MDM Azure AD JWT Authentication Bypass - CVE-2026-24000
Fleet has a rate limiting bypass via untrusted client IP hea - CVE-2026-40460
NGINX ngx_quic_module vulnerability - CVE-2026-44183
Cleanuparr: X-Forwarded-For leftmost parsing allows remote u
V. Comments for CVE-2026-45223
No comments yet