CVE-2026-8621

OpenClaw · Crabbox

OpenClaw Crabbox contains an improper authentication vulnerability that allows attackers with low privileges to bypass security controls via header spoofing.

Executive summary

A critical authentication bypass vulnerability in OpenClaw Crabbox allows low-privileged attackers to gain unauthorized access, posing a severe risk to system integrity.

Vulnerability

The application suffers from improper authentication (CWE-287) where header spoofing can be leveraged to bypass security checks. The CVSS vector (PR:L) confirms that an authenticated user with low privileges can exploit this flaw to achieve total system impact.

Business impact

Successful exploitation of this vulnerability allows unauthorized actors to perform actions beyond their intended authorization level, potentially leading to full system compromise. Given the CVSS score of 8.8, this flaw represents a High severity risk that could result in significant data exfiltration or unauthorized administrative operations within the affected environment.

Remediation

Immediate Action: Upgrade OpenClaw Crabbox to version 0.12.0 or apply the upstream fix commit b657323f1d1c954cefc8444571fa6c45a8896e7f.

Proactive Monitoring: Review web server and application access logs for suspicious requests containing anomalous header configurations or unexpected user privilege escalation attempts.

Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to inspect and sanitize incoming HTTP headers, specifically looking for common spoofing patterns.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Organizations utilizing OpenClaw Crabbox must prioritize the update to version 0.12.0 immediately. The ease of exploitation for authenticated users makes this a high-priority patching task to prevent unauthorized lateral movement or administrative abuse.