Qhkm Zeptoclaw vulnerabilities
2 known vulnerabilities affecting qhkm/zeptoclaw.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2026-32232 | P2 | CRITICAL | CVSS 9.8 | CWE-22 | fixed in 0.7.6 | 2026-03-12
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6.
Source: NVD
CVE-2026-32231 | P3 | HIGH | CVSS 8.2 | CWE-306 | fixed in 0.7.6 | 2026-03-12
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields (sender, chat_id) from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled (auth_token: None), an attacker who can reach POST /webhook can spoof an
Source: NVD