CVE-2026-45224
Crabbox · Crabbox
Crabbox is vulnerable to a path traversal flaw allowing unauthorized file system access.
Executive summary
A path traversal vulnerability in Crabbox allows local attackers to potentially access restricted files, posing a risk to system integrity.
Vulnerability
This is a path traversal vulnerability (CWE-22) residing in the workspace resolution logic, which fails to properly validate pathnames. The vulnerability is exploitable by a local user with user-level interaction.
Business impact
Successful exploitation of this flaw could allow an attacker to read or manipulate sensitive files outside of the intended directory structure. This compromises the confidentiality and integrity of the local environment. While the CVSS score of 7.1 indicates a high severity, the requirement for local access and user interaction slightly mitigates the immediate remote risk.
Remediation
Immediate Action: Update the Crabbox package to version 0.9.0 or later to resolve the path resolution flaw.
Proactive Monitoring: Monitor file system access logs for unexpected access attempts to sensitive configuration files or directories outside of the designated workspace.
Compensating Controls: Ensure that the application process is running with the least privilege necessary to limit the potential impact of file system traversal.
Exploitation status
Public Exploit Available: No (no confirmed public exploit in available data).
Analyst recommendation
Given the potential for unauthorized file access, administrators should prioritize updating to version 0.9.0. Applying this update is the most effective way to secure the environment against potential path traversal attacks.