PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-8629 openclaw CVE debrief

CVE-2026-8629 is a high-severity vulnerability in Crabbox, a software that allows users to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints, potentially leading to privilege escalation. This vulnerability affects users with shared visibility-only access and can be exploited due to insufficient access control checks on the /v1/leases/:id/code/ticket, /v1/leases/:id/webvnc/ticket, and /v1/leases/:id/egress/ticket endpoints.

Vendor
openclaw
Product
crabbox
CVSS
HIGH 8.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-14
Original CVE updated
2026-07-14
Advisory published
2026-05-14
Advisory updated
2026-07-14

Who should care

Users of Crabbox prior to v0.12.0, administrators, and security teams should be aware of this vulnerability and take necessary actions to mitigate the risk. They should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.

Technical summary

CVE-2026-8629 is a privilege escalation vulnerability in Crabbox that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. This is due to insufficient access control checks on the /v1/leases/:id/code/ticket, /v1/leases/:id/webvnc/ticket, and /v1/leases/:id/egress/ticket endpoints. The vulnerability has a high CVSS score of 8.6 and is considered a high-severity issue.

Defensive priority

High

Recommended defensive actions

  • Upgrade Crabbox to v0.12.0 or later
  • Restrict access to ticket endpoints
  • Monitor for suspicious activity
  • Implement additional security measures to prevent privilege escalation
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-05-14T20:17:21.567Z and last modified on 2026-07-14T23:17:39.123Z. The NVD entry is currently Deferred. The source details are limited, and further verification is needed to confirm the affected scope and severity. Defenders should verify the official advisory and CVE record for accurate information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-05-14T20:17:21.567Z and has not been modified since then. The NVD entry is currently Deferred.