Description
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields (sender, chat_id) from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled (auth_token: None), an attacker who can reach POST /webhook can spoof an allowlisted sender and choose arbitrary chat_id values, enabling high-risk message spoofing and potential IDOR-style session/chat routing abuse. This vulnerability is fixed in 0.7.6.
Published: 2026-03-12
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Message spoofing and IDOR session hijack
Action: Apply patch
AI Analysis

Impact

ZeptoClaw’s generic webhook channel accepts caller‑supplied identity fields (sender and chat_id) from the request body and performs authorization checks on these untrusted values. Because authentication on the webhook is optional and defaults to disabled, an attacker who can reach the POST /webhook endpoint can send a request with a spoofed allowlisted sender and any arbitrary chat_id, allowing the attacker to inject high‑risk messages as another user or to route a session to a different chat entity. The flaw is a classic example of missing authentication and use of insufficient primary authentication, which can lead to confidentiality and integrity violations.

Affected Systems

The affected vendor is qhkm, product ZeptoClaw, a personal AI assistant. Versions prior to 0.7.6 are vulnerable. The fix was released in the 0.7.6 release.

Risk and Exploitability

The CVSS score of 8.2 indicates a high severity vulnerability, but the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires network reachability to the ZeptoClaw instance and does not require privileged access; the attacker only needs to craft a POST request with spoofed identity data. If the webhook endpoint is exposed, attackers could weaponize the flaw to spoof messages or hijack chat flows. Defensive action is strongly recommended.

Generated by OpenCVE AI on March 20, 2026 at 17:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ZeptoClaw to version 0.7.6 or later
  • Verify the installation and restart the service
  • If upgrade is not yet possible, disable the webhook endpoint or enforce authentication on POST /webhook

Generated by OpenCVE AI on March 20, 2026 at 17:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-46q5-g3j9-wx5c ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data
History

Fri, 20 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Zeptoclaw
Zeptoclaw zeptoclaw
CPEs cpe:2.3:a:zeptoclaw:zeptoclaw:*:*:*:*:*:rust:*:*
Vendors & Products Zeptoclaw
Zeptoclaw zeptoclaw

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Qhkm
Qhkm zeptoclaw
Vendors & Products Qhkm
Qhkm zeptoclaw

Thu, 12 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Description ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields (sender, chat_id) from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled (auth_token: None), an attacker who can reach POST /webhook can spoof an allowlisted sender and choose arbitrary chat_id values, enabling high-risk message spoofing and potential IDOR-style session/chat routing abuse. This vulnerability is fixed in 0.7.6.
Title ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data
Weaknesses CWE-306
CWE-345
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N'}

Subscriptions

Qhkm Zeptoclaw
Zeptoclaw Zeptoclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-12T20:47:02.636Z

Reserved: 2026-03-11T14:47:05.682Z

Link: CVE-2026-32231

cve-icon Vulnrichment

Updated: 2026-03-12T20:44:26.603Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T19:16:17.027

Modified: 2026-03-20T16:03:45.183

Link: CVE-2026-32231

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:55:06Z

Weaknesses