CVE-2026-45223

Published: Mag 11, 2026 Last Modified: Mag 11, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,7
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH 8,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin token can craft a user-token payload with admin: true, sign it using HMAC-SHA256, and present it to admin-only coordinator routes to gain full coordinator admin access including lease visibility, pool state management, and forced release operations.

290

Authentication Bypass by Spoofing

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
View CWE Details
https://github.com/openclaw/crabbox/pull/64
https://github.com/openclaw/crabbox/pull/64
https://github.com/openclaw/crabbox/commit/46079f6de7f10cf6…
https://github.com/openclaw/crabbox/commit/46079f6de7f10cf61bc47efebd0c143a4166…
https://github.com/openclaw/crabbox/pull/64
https://github.com/openclaw/crabbox/pull/64
https://github.com/openclaw/crabbox/releases/tag/v0.9.0
https://github.com/openclaw/crabbox/releases/tag/v0.9.0
https://www.vulncheck.com/advisories/crabbox-authentication…
https://www.vulncheck.com/advisories/crabbox-authentication-bypass-via-admin-cl…