anonhaven
Ad

CVE-2026-32232

HIGH CVSS 4.0: 8.8 EPSS 0.07%
Updated Mar 12, 2026
Zeptoclaw
Parameter Value
CVSS 8.8 (HIGH)
Fixed In 0.7.6
Type CWE-62, CWE-22 (Path Traversal)
Vendor Zeptoclaw
Public PoC No

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-62
CWE-22 Path Traversal

References 2

https://github.com/qhkm/zeptoclaw/commit/f50c17e11ae3e2d40c96730abac41974ef2ee2…
security-advisories@github.com
https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-2m67-cxxq-c3h8
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-32231

Zeptoclaw

8.2