PatchSiren cyber security CVE debrief
CVE-2026-8629 openclaw CVE debrief
CVE-2026-8629 is a high-severity vulnerability in Crabbox, a software that allows users to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints, potentially leading to privilege escalation. This vulnerability affects users with shared visibility-only access and can be exploited due to insufficient access control checks on the /v1/leases/:id/code/ticket, /v1/leases/:id/webvnc/ticket, and /v1/leases/:id/egress/ticket endpoints.
- Vendor
- openclaw
- Product
- crabbox
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-14
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-05-14
- Advisory updated
- 2026-07-14
Who should care
Users of Crabbox prior to v0.12.0, administrators, and security teams should be aware of this vulnerability and take necessary actions to mitigate the risk. They should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
CVE-2026-8629 is a privilege escalation vulnerability in Crabbox that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. This is due to insufficient access control checks on the /v1/leases/:id/code/ticket, /v1/leases/:id/webvnc/ticket, and /v1/leases/:id/egress/ticket endpoints. The vulnerability has a high CVSS score of 8.6 and is considered a high-severity issue.
Defensive priority
High
Recommended defensive actions
- Upgrade Crabbox to v0.12.0 or later
- Restrict access to ticket endpoints
- Monitor for suspicious activity
- Implement additional security measures to prevent privilege escalation
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-05-14T20:17:21.567Z and last modified on 2026-07-14T23:17:39.123Z. The NVD entry is currently Deferred. The source details are limited, and further verification is needed to confirm the affected scope and severity. Defenders should verify the official advisory and CVE record for accurate information.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-05-14T20:17:21.567Z and has not been modified since then. The NVD entry is currently Deferred.