Cyber Posture

CVE-2026-32232

Severity: Critical · Public PoC

Published: 12 March 2026
Modified: 19 March 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (28.9th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, it is affected by a dangling-symlink component bypass, a TOCTOU (time-of-check/time-of-use) gap between validation and use, and a hardlink alias bypass. This vulnerability is fixed in 0.7.6.

Mitigating Controls (NIST 800-53 r5) [AI]

- prevent: Directly mitigates the vulnerability by requiring timely flaw remediation, such as upgrading ZeptoClaw to version 0.7.6, where the dangling symlink, TOCTOU, and hardlink bypasses are fixed.
- prevent: Prevents path traversal (CWE-22) and symlink/hardlink (CWE-62) exploits by validating information inputs such as the file paths used in ZeptoClaw's component handling.
- prevent: Enforces access control policies that mediate file and resource access, reducing the risk of symlink/hardlink bypasses and TOCTOU races in ZeptoClaw.
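The three weakness classes above share one root cause: a path is validated as a string (or via a lookup on a name) and then opened separately, so a symlink, a dangling symlink or a hard link placed in the gap can alias a file outside the sandbox. The following is an added, illustrative example (not ZeptoClaw's code; the sandbox layout, file names and the `open_within_root` helper are constructed for this page, and it assumes a POSIX system) showing the defensive pattern: walk the path one component at a time with `O_NOFOLLOW`, then validate the opened descriptor with `fstat`, so that the object checked is the object used.

```python
import os
import stat
import tempfile

def open_within_root(root: str, rel_path: str) -> int:
    """Open root/rel_path read-only. Each component is opened with O_NOFOLLOW (no symlink,
    dangling or not, is ever followed) and the final inode is checked via fstat on the fd
    we will actually read from, so there is no check-then-use window. Raises OSError."""
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if ".." in parts:
        raise PermissionError("path traversal component")
    fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for i, part in enumerate(parts):
            flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC
            if i < len(parts) - 1:
                flags |= os.O_DIRECTORY          # intermediate parts must be real directories
            nfd = os.open(part, flags, dir_fd=fd)  # fails with ELOOP if 'part' is a symlink
            os.close(fd)
            fd = nfd
        st = os.fstat(fd)                        # inspect the inode we actually opened
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_nlink > 1:                      # heuristic: extra links may alias an outside file
            raise PermissionError("hard link alias")
        return fd
    except BaseException:
        os.close(fd)
        raise

def demo() -> dict:
    """Constructed sandbox layout (not from the advisory) exercising each bypass class."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "workspace")
    os.mkdir(root)
    secret = os.path.join(base, "outside-secret.txt")      # lives outside the sandbox root
    with open(secret, "w") as f: f.write("outside")
    with open(os.path.join(root, "notes.txt"), "w") as f: f.write("inside")
    os.symlink(secret, os.path.join(root, "link-out"))              # symlink escaping root
    os.symlink("no-such-target", os.path.join(root, "dangling"))    # dangling symlink
    os.link(secret, os.path.join(root, "hardlink-out"))             # hard link alias
    results = {}
    for name in ("notes.txt", "link-out", "dangling", "hardlink-out", "../outside-secret.txt"):
        try:
            fd = open_within_root(root, name)
            results[name] = os.read(fd, 16).decode()
            os.close(fd)
        except OSError:
            results[name] = "rejected"
    return results
```

The `st_nlink` test is a heuristic (a legitimately hard-linked file inside the sandbox is also refused); keeping the sandbox on its own filesystem or enabling `fs.protected_hardlinks` is the stronger control against hard-link aliasing.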

Security Summary [AI]

CVE-2026-32232 affects ZeptoClaw, a personal AI assistant, in versions prior to 0.7.6. The vulnerability encompasses a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass, mapped to CWE-22 (Path Traversal) and CWE-62 (UNIX Hard Link). It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts across confidentiality, integrity, and availability.

Remote attackers require no privileges or user interaction to exploit this over the network with low complexity. Successful exploitation enables full compromise of the affected ZeptoClaw instance, potentially allowing arbitrary code execution, data exfiltration, modification, or denial of service.

The vulnerability is fixed in ZeptoClaw version 0.7.6. Official mitigation details are available in the GitHub security advisory at https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-2m67-cxxq-c3h8 and the fixing commit at https://github.com/qhkm/zeptoclaw/commit/f50c17e11ae3e2d40c96730abac41974ef2ee2a8; practitioners should upgrade immediately and review the changes for deployment guidance.

Details

CWE(s)

Affected Products

aisarlabs zeptoclaw ≤ 0.7.5

AI Security Analysis [AI]

AI Category: Machine Learning Libraries
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Matched keywords: ai

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerability allows remote unauthenticated attackers to fully compromise the ZeptoClaw service via path traversal and symlink/hardlink bypasses in a public-facing application, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References