github.com/openclaw/crabbox (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/openclaw/crabbox, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2026-8634 — CVSS 9.1 (critical): Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or…
CVE-2026-8621 — CVSS 8.8 (high): Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other…
CVE-2026-45224 — CVSS 7.1 (high): Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to…