CVE-2026-45223 Crabbox < 0.9.0 Authentication Bypass via Admin Claim Injection

Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin...