{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32232", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-11T14:47:05.683Z", "datePublished": "2026-03-12T18:24:35.225Z", "dateUpdated": "2026-03-12T20:46:56.857Z"}, "containers": {"cna": {"title": "ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-62", "lang": "en", "description": "CWE-62: UNIX Hard Link", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-2m67-cxxq-c3h8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-2m67-cxxq-c3h8"}, {"name": "https://github.com/qhkm/zeptoclaw/commit/f50c17e11ae3e2d40c96730abac41974ef2ee2a8", "tags": ["x_refsource_MISC"], "url": "https://github.com/qhkm/zeptoclaw/commit/f50c17e11ae3e2d40c96730abac41974ef2ee2a8"}], "affected": [{"vendor": "qhkm", "product": "zeptoclaw", "versions": [{"version": "< 0.7.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-12T18:24:35.225Z"}, "descriptions": [{"lang": "en", "value": "ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6."}], "source": {"advisory": "GHSA-2m67-cxxq-c3h8", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T20:39:17.690556Z", "id": "CVE-2026-32232", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T20:46:56.857Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32232", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T20:39:17.690556Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T20:39:23.158Z"}}], "cna": {"title": "ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink", "source": {"advisory": "GHSA-2m67-cxxq-c3h8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "qhkm", "product": "zeptoclaw", "versions": [{"status": "affected", "version": "< 0.7.6"}]}], "references": [{"url": "https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-2m67-cxxq-c3h8", "name": "https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-2m67-cxxq-c3h8", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/qhkm/zeptoclaw/commit/f50c17e11ae3e2d40c96730abac41974ef2ee2a8", "name": "https://github.com/qhkm/zeptoclaw/commit/f50c17e11ae3e2d40c96730abac41974ef2ee2a8", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-62", "description": "CWE-62: UNIX Hard Link"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-12T18:24:35.225Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32232", "state": "PUBLISHED", "dateUpdated": "2026-03-12T20:46:56.857Z", "dateReserved": "2026-03-11T14:47:05.683Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-12T18:24:35.225Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aisarlabs:zeptoclaw:*:*:*:*:*:rust:*:*", "matchCriteriaId": "8419056C-4D91-4E82-9100-138A9D5345AD", "versionEndIncluding": "0.7.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6."}, {"lang": "es", "value": "ZeptoClaw es un asistente personal de IA. Antes de la versi\u00f3n 0.7.6, existe una omisi\u00f3n de componente de enlace simb\u00f3lico colgante, TOCTOU entre validaci\u00f3n y uso, y omisi\u00f3n de alias de enlace duro. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 0.7.6."}], "id": "CVE-2026-32232", "lastModified": "2026-03-19T20:59:35.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-12T19:16:17.263", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/qhkm/zeptoclaw/commit/f50c17e11ae3e2d40c96730abac41974ef2ee2a8"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-2m67-cxxq-c3h8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-62"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.7.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "zeptoclaw", "source": "cna", "vendor": "qhkm"}, "product": "zeptoclaw", "vendor": "qhkm"}], "analysis": {"en": {"generated_at": "2026-03-19T22:35:53.569907+00:00", "value": {"mitigation_remediation": ["Upgrade ZeptoClaw to version 0.7.6 or newer, which includes the patch that resolves all known path boundary checks bypasses."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary File Access"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all versions of ZeptoClaw packaged under the vendor qhkm prior to the 0.7.6 release. The version check is specifically mentioned in vendor commit announcements as safe after upgrading to 0.7.6.", "description_and_impact": "ZeptoClaw is a personal AI assistant that, before version 0.7.6, allowed attackers to bypass path boundary checks using a dangling symlink component, a TOCTOU race condition between validation and use, and a hardlink alias bypass. These flaws enable an attacker to read or modify files outside the intended application directory, effectively granting arbitrary file system access. The weakness is classified as a File Path Traversal (CWE-22) and Data Manipulation (CWE-62).", "risk_and_exploitability": "The CVE carries a high CVSS score of 8.8, indicating significant potential impact. The EPSS score is below 1%, suggesting a low likelihood of exploitation in the near term, and the vulnerability is not listed in the CISA KEV catalog. Exploitation likely requires local access to the ZeptoClaw process or the ability to influence file system objects (symlinks/hardlinks) that the application will resolve, implying a local attack vector. Once the bypass is accomplished, an attacker can read or alter any files the process can access."}}}}, "created": "2026-03-13T09:50:24.163667+00:00", "updated": "2026-03-23T09:55:05.998786+00:00", "vendors": ["qhkm", "qhkm$PRODUCT$zeptoclaw"]}