CVE-2026-8621
OpenClaw · Crabbox
OpenClaw Crabbox contains an improper authentication vulnerability that allows attackers with low privileges to bypass security controls via header spoofing.
Executive summary
A critical authentication bypass vulnerability in OpenClaw Crabbox allows low-privileged attackers to gain unauthorized access, posing a severe risk to system integrity.
Vulnerability
The application suffers from improper authentication (CWE-287) where header spoofing can be leveraged to bypass security checks. The CVSS vector (PR:L) confirms that an authenticated user with low privileges can exploit this flaw to achieve total system impact.
Business impact
Successful exploitation of this vulnerability allows unauthorized actors to perform actions beyond their intended authorization level, potentially leading to full system compromise. Given the CVSS score of 8.8, this flaw represents a High severity risk that could result in significant data exfiltration or unauthorized administrative operations within the affected environment.
Remediation
Immediate Action: Upgrade OpenClaw Crabbox to version 0.12.0 or apply the upstream fix commit b657323f1d1c954cefc8444571fa6c45a8896e7f.
Proactive Monitoring: Review web server and application access logs for suspicious requests containing anomalous header configurations or unexpected user privilege escalation attempts.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to inspect and sanitize incoming HTTP headers, specifically looking for common spoofing patterns.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Organizations utilizing OpenClaw Crabbox must prioritize the update to version 0.12.0 immediately. The ease of exploitation for authenticated users makes this a high-priority patching task to prevent unauthorized lateral movement or administrative abuse.