CVE-2026-32232

UNKNOWN 0.0

ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6.

CWE	CWE-22 CWE-62
Vendor	qhkm
Product	zeptoclaw
Published	Mar 12, 2026
Last Updated	Mar 12, 2026

Stay Ahead of the Next One

Get instant alerts for qhkm zeptoclaw

Be the first to know when new unknown vulnerabilities affecting qhkm zeptoclaw are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

qhkm / zeptoclaw

< 0.7.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-2m67-cxxq-c3h8 github.com: https://github.com/qhkm/zeptoclaw/commit/f50c17e11ae3e2d40c96730abac41974ef2ee2a8