CVE-2026-8629 · HIGH 8.1 · EPSS percentile 25.4%

CVE-2026-8629

Description

Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. Attackers can exploit insufficient access control checks on the /v1/leases/:id/code/ticket, /v1/leases/:id/webvnc/ticket, and /v1/leases/:id/egress/ticket endpoints to obtain bridge-agent tickets and impersonate trusted lease-side bridges despite having only visibility permissions.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.34% probability of exploitation · percentile 25.4% · 2026-06-19T12:03:05Z
Published: 2026-05-14
Last modified: 2026-05-15

Underlying weaknesses · 1

CWE-639

References

  1. https://github.com/openclaw/crabbox/commit/95cb30dc7dbaa1fef690a42ef6ac1cb6e307a191
  2. https://github.com/openclaw/crabbox/pull/71
  3. https://github.com/openclaw/crabbox/releases/tag/v0.12.0
  4. https://www.vulncheck.com/advisories/crabbox-privilege-escalation-via-agent-ticket-endpoints


Type     | Target                                                      | Confidence | Tier
Weakness | Authorization Bypass Through User-Controlled Key (CWE-639) | 0%         | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE: CVE-2026-8621
  - CVE: CVE-2026-45223
  - CVE: CVE-2026-8634
  - CVE: CVE-2026-32064
  - CVE: CVE-2026-43575
  - CVE: CVE-2026-26422
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.