github.com/openclaw/crabbox

Go3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/openclaw/crabboxpage 1 of 1

CVE-2026-45224HIGHCVSS 7.1EG 7.1✓ Fixed in 0.9.0
2026-05-11
Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can …
CVE-2026-8621HIGHCVSS 8.8EG 8.8✓ Fixed in 0.12.0
2026-05-14
Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner a…
CVE-2026-8634CRITICALCVSS 9.1EG 9.1✓ Fixed in 0.12.0
2026-05-14
Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens i…

Check whether github.com/openclaw/crabbox is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/openclaw/crabbox CVEs against the assets you own.

Start Free Scan →