CVE-2026-32231
Published: 2026-03-12
Priority: P3 · 49 · Severity: High · CVSS 3.1 base score: 8.2
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS: 0.18% (8.2th percentile)
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields (sender, chat_id) from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled (auth_token: None), an attacker who can reach POST /webhook can spoof an allowlisted sender and choose arbitrary chat_id values, enabling high-risk message spoofing and potential IDOR-style session/chat routing abuse. This vulnerability is fixed in 0.7.6.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qhkm | zeptoclaw | < 0.7.6 | 0.7.6 |
| zeptoclaw | zeptoclaw | <= 0.7.5 | — |
| zeptoclaw | zeptoclaw | >= 0 < 0.7.6 | 0.7.6 |
GHSA
ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data
ghsa·2026-03-12
CVE-2026-32231 · HIGH · CWE-306 (Missing Authentication for Critical Function)
### Summary
The generic webhook channel trusts caller-supplied identity fields (`sender`, `chat_id`) from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled (`auth_token: None`), an attacker who can reach `POST /webhook` can spoof an allowlisted sender and choose arbitrary `chat_id` values, enabling high-risk message spoofing and potential IDOR-style session/chat routing abuse.
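The pattern the advisory describes, as an added illustrative example in Rust that is not ZeptoClaw's own code (names such as `WebhookConfig`, `WebhookRequest`, `authorize_vulnerable` and `authorize_hardened` are hypothetical): the allowlist is evaluated against a body-supplied `sender` with no authentication, beside a fail-closed variant that refuses to serve requests while `auth_token` is `None` and verifies the caller's token before any body field is trusted. This is one reasonable hardening, not a claim about what 0.7.6 changed.

```rust
// Added illustrative example, not ZeptoClaw's code; every name here is hypothetical.
#[derive(Debug, PartialEq)]
pub enum Decision {
    Accept { sender: String, chat_id: String },
    Reject(&'static str),
}
pub struct WebhookConfig {
    pub auth_token: Option<String>,   // the advisory's default: None
    pub allowed_senders: Vec<String>,
}
pub struct WebhookRequest {
    pub bearer_token: Option<String>, // e.g. from an Authorization header
    pub sender: String,               // caller-supplied body field
    pub chat_id: String,              // caller-supplied body field
}
/// Vulnerable pattern: the allowlist is checked against an identity field the
/// unauthenticated caller chose, so anyone who can reach the endpoint passes.
pub fn authorize_vulnerable(cfg: &WebhookConfig, req: &WebhookRequest) -> Decision {
    if cfg.allowed_senders.iter().any(|s| s == &req.sender) {
        Decision::Accept { sender: req.sender.clone(), chat_id: req.chat_id.clone() }
    } else {
        Decision::Reject("sender not allowlisted")
    }
}
/// Constant-time byte comparison so the token check does not leak via timing.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}
/// Hardened pattern: fail closed when no token is configured, verify the token
/// before reading any body field, then apply the allowlist to the authenticated caller.
pub fn authorize_hardened(cfg: &WebhookConfig, req: &WebhookRequest) -> Decision {
    let expected = match &cfg.auth_token {
        Some(t) if !t.is_empty() => t,
        _ => return Decision::Reject("auth_token not configured; refusing request"),
    };
    match &req.bearer_token {
        Some(t) if ct_eq(t.as_bytes(), expected.as_bytes()) => {}
        _ => return Decision::Reject("invalid or missing auth token"),
    }
    if !cfg.allowed_senders.iter().any(|s| s == &req.sender) {
        return Decision::Reject("sender not allowlisted");
    }
    Decision::Accept { sender: req.sender.clone(), chat_id: req.chat_id.clone() }
}
fn main() {
    // Constructed sample: default config (no token) and a body claiming an allowlisted sender.
    let cfg = WebhookConfig { auth_token: None, allowed_senders: vec!["alice".into()] };
    let req = WebhookRequest { bearer_token: None, sender: "alice".into(), chat_id: "c1".into() };
    println!("vulnerable: {:?}", authorize_vulnerable(&cfg, &req)); // Accept
    println!("hardened:   {:?}", authorize_hardened(&cfg, &req));   // Reject
}
```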
### Details
Relevant code paths:
- `src/channels/webhook.rs:121` sets runtime default `auth_token: None`.
- `src/config/types.rs:910` also defaults webhook config `auth_token` to `None`.
- `src/channels/
OSV
ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data
osv·2026-03-12
No detection rules found.
No public exploits indexed.