2 matches found
User Impersonation
Overview @openclaw/crabbox-plugin is an OpenClaw plugin for running Crabbox remote testbox workflows Affected versions of this package are vulnerable to User Impersonation in the verifyUserToken function. An attacker can gain unauthorized administrative access by injecting an admin claim into a...
CVE-2026-45223 Crabbox < 0.9.0 Authentication Bypass via Admin Claim Injection
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin...