CVE-2026-32232 · CRITICAL 9.8 · EPSS p44.9%

Description

ZeptoClaw is a personal AI assistant. Versions prior to 0.7.6 contain a Dangling Symlink Component Bypass, a TOCTOU Between Validation and Use, and a Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.62% probability of exploitation · percentile 44.9% · 2026-06-19T12:03:05Z
Published: 2026-03-12
Last modified: 2026-03-19

Underlying weaknesses · 2

CWE-22, CWE-62

References

  1. https://github.com/qhkm/zeptoclaw/commit/f50c17e11ae3e2d40c96730abac41974ef2ee2a8
  2. https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-2m67-cxxq-c3h8

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22) | 0% | live |
| Weakness | UNIX Hard Link (cwe-62) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-32231
CVE-2026-32055
CVE-2026-32056
CVE-2026-24763
CVE-2026-29610
CVE-2026-41364

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.