A vulnerability described as critical has been identified in openclaw crabbox up to 0.8.x . Impacted is the function verifyUserToken . Executing a manipulation can lead to authentication bypass by spoofing. This vulnerability is tracked as CVE-2026-45223 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.