Home / Vulnerability Intelligence / CVE-2026-8629

CVE-2026-8629 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: May 14, 2026

Crabbox - Privilege Escalation

Published: May 14, 2026Updated: May 14, 2026Remote Exploitable

Overview

Crabbox < 0.12.0 contains a privilege escalation vulnerability caused by insufficient access control checks on ticket endpoints, letting users with shared visibility-only access obtain privileged tickets, exploit requires visibility-only access.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Users with limited visibility access can escalate privileges to obtain sensitive tickets and impersonate trusted components.

Mitigation

Upgrade to version 0.12.0 or later.

References

https://github.com/openclaw/crabbox/commit/95cb30dc7dbaa1fef690a42ef6ac1cb6e307a191
https://github.com/openclaw/crabbox/pull/71
https://github.com/openclaw/crabbox/releases/tag/v0.12.0
https://www.vulncheck.com/advisories/crabbox-privilege-escalation-via-agent-ticket-endpoints

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-8629
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: new

CWE

CWE-639

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N