CVE-2026-8621
Gravedad CVSS v4.0:
ALTA
Tipo:
CWE-287
Autenticación incorrecta
Fecha de publicación:
14/05/2026
Última modificación:
15/05/2026
Descripción
*** Pendiente de traducción *** Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a shared token to bypass authorization checks and access owner/org-scoped lease operations belonging to victim accounts.
Impacto
Puntuación base 4.0
8.70
Gravedad 4.0
ALTA
Puntuación base 3.x
8.80
Gravedad 3.x
ALTA



