What is CVE-2026-45223?

Authentication bypass in Crabbox coordinator before v0.9.0. verifyUserToken() fails to reject admin claims, letting non-admins escalate to full coordinator admin.

How does the Crabbox admin bypass work?

Attacker with shared non-admin token crafts payload with admin:true, signs via HMAC-SHA256, and accesses admin-only coordinator routes.

What is the CVSS score for CVE-2026-45223?

CVSS 8.8 (High severity). Low attacker effort, minimal prerequisites.

How to fix CVE-2026-45223?

Upgrade Crabbox to version 0.9.0 or later.

OpenClaw's multi-instance coordinator for managing pools of OpenClaw instances, handling lease management and fleet operations.

← Back to dashboard

clawsmith.com/signal/cve-2026-45223-crabbox-coordinator-admin-bypass

⚠ IssueWide OpenLive

CVE-2026-45223: Crabbox Coordinator Authentication Bypass Lets Non-Admin Escalate to Full Admin (CVSS 8.8)

Crabbox (OpenClaw multi-instance coordinator) before 0.9.0 has an authentication bypass in verifyUserToken() that fails to reject admin claims in user tokens. Attackers with shared non-admin token access can sign admin:true payloads via HMAC-SHA256 to gain full coordinator admin access.

Product Idea from this Signal

A reverse proxy that locks OpenClaw gateway configuration against model-driven mutation by enforcing an allowlist of immutable protected settings

8 ▲

OpenClaw gateway config.patch and config.apply endpoints have been exploited through denylist bypass (CVE-2026-45006, CVE-2026-45001, CVE-2026-45004). Compromised models persist malicious config changes to sandbox policy, auth/TLS, and SSRF rules that survive restart. This tool flips the model from denylist to allowlist, intercepting all config mutations at the network layer.

SECURITYREVERSE-PROXYOPEN-SOURCEDEVTOOL

CompetitiveView Opportunity →