CVE-2026-8634
critical
CVSS v3
9.1
CVSS v2
—
VIR risk
9.1
Description
Crabbox: environment variable exposure vulnerability
Predictions
Exploit likelihood
94%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/openclaw/crabbox | <0.12.0 | 0.12.0 |
| GO | github.com/openclaw/crabbox | < 0.12.0 | 0.12.0 |
References
- https://github.com/openclaw/crabbox/commit/eaae40ae4ce009e60633f16f7f19600c74557f6f
- https://github.com/openclaw/crabbox/pull/78
- https://github.com/openclaw/crabbox/releases/tag/v0.12.0
- https://www.vulncheck.com/advisories/crabbox-environment-variable-information-disclosure
- https://nvd.nist.gov/vuln/detail/CVE-2026-8634
- https://github.com/openclaw/crabbox
- https://github.com/advisories/GHSA-fm77-94qm-4894
CWEs
CWE-94
Verify integrity in audit chain (admin only). AS-IS.