Description
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Access
Action: Immediate Patch
AI Analysis

Impact

ZeptoClaw is a personal AI assistant that, before version 0.7.6, allowed attackers to bypass path boundary checks using a dangling symlink component, a TOCTOU race condition between validation and use, and a hardlink alias bypass. These flaws enable an attacker to read or modify files outside the intended application directory, effectively granting arbitrary file system access. The weakness is classified as a File Path Traversal (CWE-22) and Data Manipulation (CWE-62).
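The three bypass classes above are all failures of the same check: a path is validated and then used as if validation still held. The Rust program below is an added example, not ZeptoClaw's code and not taken from the advisory; it shows a general safe-open routine that refuses each class, going beyond the specific product by working for any root directory. The names open_within_root, build_fixture and BoundaryError are invented here, the O_NOFOLLOW constants are hard-coded for Linux and macOS so that only std is needed, the /proc/self/fd re-check is Linux-specific, and the directory layout is constructed for the demonstration.

```rust
// Added example (not ZeptoClaw's code): open a file under a root directory while
// refusing the three bypass classes named in the advisory.
use std::fs::{self, File, OpenOptions};
use std::io::{self, ErrorKind};
use std::os::unix::fs::{MetadataExt, OpenOptionsExt};
use std::path::{Path, PathBuf};

// O_NOFOLLOW from <fcntl.h>, hard-coded so the example needs only std.
#[cfg(target_os = "linux")]
const O_NOFOLLOW: i32 = 0o400000;
#[cfg(target_os = "macos")]
const O_NOFOLLOW: i32 = 0x0100;

#[derive(Debug, PartialEq, Eq)]
pub enum BoundaryError {
    NotFound,
    DanglingSymlink,
    OutsideRoot,
    NotRegularFile,
    HardlinkAlias,
    Io(String),
}
impl From<io::Error> for BoundaryError {
    fn from(e: io::Error) -> Self { BoundaryError::Io(e.to_string()) }
}

/// Open `requested` (relative to `root`) read-only, or report why it was refused.
pub fn open_within_root(root: &Path, requested: &Path) -> Result<File, BoundaryError> {
    let root = root.canonicalize()?;
    let joined = root.join(requested);
    // 1. Dangling symlink: the link exists (lstat succeeds) but its target does not,
    //    so canonicalize() fails. Refuse it; a target that "does not exist yet" is not safe.
    let resolved = match joined.canonicalize() {
        Ok(p) => p,
        Err(e) if e.kind() == ErrorKind::NotFound => {
            return Err(if fs::symlink_metadata(&joined).is_ok() {
                BoundaryError::DanglingSymlink
            } else {
                BoundaryError::NotFound
            })
        }
        Err(e) => return Err(e.into()),
    };
    // 2. Containment check on the resolved path. Alone, this is the racy
    //    "validate, then use" pattern; steps 3 to 6 make it hold at use time.
    if !resolved.starts_with(&root) {
        return Err(BoundaryError::OutsideRoot);
    }
    // 3. O_NOFOLLOW: a symlink swapped in for the final component after step 2
    //    makes this open fail instead of being followed.
    let file = OpenOptions::new().read(true).custom_flags(O_NOFOLLOW).open(&resolved)?;
    // 4. Every further check runs on the open descriptor (fstat), which cannot be
    //    swapped out from under us. That is what closes the TOCTOU window.
    let meta = file.metadata()?;
    if !meta.is_file() {
        return Err(BoundaryError::NotRegularFile);
    }
    // 5. Hardlink alias: a second name for an inode outside the root passes the path
    //    check, so refuse any file with more than one link.
    if meta.nlink() > 1 {
        return Err(BoundaryError::HardlinkAlias);
    }
    // 6. (Linux only) Ask the kernel where the descriptor really points and re-check
    //    containment, which also covers a directory component swapped after step 2.
    #[cfg(target_os = "linux")]
    {
        use std::os::unix::io::AsRawFd;
        let actual = fs::read_link(format!("/proc/self/fd/{}", file.as_raw_fd()))?;
        if !actual.starts_with(&root) {
            return Err(BoundaryError::OutsideRoot);
        }
    }
    Ok(file)
}

/// Constructed demo layout (not from any product):
///   base/secret.txt  outside the root        base/root/notes.txt  legitimate file
///   base/root/escape -> ../secret.txt (symlink leaving the root)
///   base/root/dangling -> missing (dangling symlink)
///   base/root/alias  hard link to base/secret.txt
pub fn build_fixture(base: &Path) -> io::Result<PathBuf> {
    let root = base.join("root");
    fs::create_dir_all(&root)?;
    fs::write(base.join("secret.txt"), "outside")?;
    fs::write(root.join("notes.txt"), "inside")?;
    std::os::unix::fs::symlink("../secret.txt", root.join("escape"))?;
    std::os::unix::fs::symlink("missing", root.join("dangling"))?;
    fs::hard_link(base.join("secret.txt"), root.join("alias"))?;
    Ok(root)
}

fn main() -> io::Result<()> {
    let base = std::env::temp_dir().join(format!("boundary-demo-{}", std::process::id()));
    let root = build_fixture(&base)?;
    for name in ["notes.txt", "escape", "dangling", "alias", "../secret.txt", "missing"] {
        println!("{:>14}: {:?}", name, open_within_root(&root, Path::new(name)).map(|_| "opened"));
    }
    fs::remove_dir_all(&base)
}
```

The design point is that the path string is only a hint: the decision to trust a file is made on the open descriptor, where symlinks can no longer be swapped in and where the link count exposes a hard-linked alias. A check that stops after canonicalize() plus starts_with() is exactly the validate-then-use window the advisory describes.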

Affected Systems

The vulnerability affects all versions of ZeptoClaw packaged under the vendor qhkm prior to the 0.7.6 release. The vendor's commit announcements state that the issue is resolved after upgrading to 0.7.6.

Risk and Exploitability

The CVE carries a high CVSS score of 8.8, indicating significant potential impact. The EPSS score is below 1%, suggesting a low likelihood of exploitation in the near term, and the vulnerability is not listed in the CISA KEV catalog. Exploitation likely requires local access to the ZeptoClaw process or the ability to influence file system objects (symlinks/hardlinks) that the application will resolve, implying a local attack vector. Once the bypass is accomplished, an attacker can read or alter any files the process can access.

Generated by OpenCVE AI on March 19, 2026 at 22:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ZeptoClaw to version 0.7.6 or newer, which includes the patch that resolves all known path boundary checks bypasses.


Advisories
Source | ID | Title
Github GHSA | GHSA-2m67-cxxq-c3h8 | ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink
History

Thu, 19 Mar 2026 21:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Aisarlabs; Aisarlabs zeptoclaw
CPEs | | cpe:2.3:a:aisarlabs:zeptoclaw:*:*:*:*:*:rust:*:*
Vendors & Products | | Aisarlabs; Aisarlabs zeptoclaw
Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Fri, 13 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Qhkm; Qhkm zeptoclaw
Vendors & Products | | Qhkm; Qhkm zeptoclaw

Thu, 12 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 18:45:00 +0000

Type | Values Removed | Values Added
Description | | ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6.
Title | | ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink
Weaknesses | | CWE-22; CWE-62
References | |
Metrics | | cvssV4_0 {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Aisarlabs Zeptoclaw
Qhkm Zeptoclaw
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-12T20:46:56.857Z

Reserved: 2026-03-11T14:47:05.683Z

Link: CVE-2026-32232

Vulnrichment

Updated: 2026-03-12T20:39:23.158Z

NVD

Status : Analyzed

Published: 2026-03-12T19:16:17.263

Modified: 2026-03-19T20:59:35.560

Link: CVE-2026-32232

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T09:55:05Z

Weaknesses