CVE-2026-32232

Published: Mar 12, 2026

Modified: Mar 12, 2026

PUBLISHED

Description

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6.

Vendor	Product	Versions
qhkm	zeptoclaw	affected `< 0.7.6`

Weaknesses (CWE)

CWE-22

CWE-62

References

https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-2m67-cxxq-c3h8

x_refsource_CONFIRM

https://github.com/qhkm/zeptoclaw/commit/f50c17e11ae3e2d40c96730abac41974ef2ee2a8

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-32232

Description

Affected Products

Weaknesses (CWE)

References