Tag
Crabbox prior to v0.12.0 contains an authentication bypass vulnerability (CVE-2026-8621) that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers, granting unauthorized access to lease operations.