CVE-2026-32232
ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
Affected products
qhkm · zeptoclawWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →