Which versions of ZeptoClaw are affected by CVE-2026-32232?

Workspace boundary enforcement currently has three related bypass risks. This issue tracks fixing all three in one pull request. - What happens: Path validation can miss dangling symlink components…. A patch is available.

Is there a patch available for CVE-2026-32232?

Yes, a patch is available for CVE-2026-32232. Update the affected software to the latest version immediately.

ZeptoClaw CVE-2026-32232

Path Traversal (CWE-22)

2026-03-12 security-advisories@github.com

GHSA-2m67-cxxq-c3h8

Path Traversal Race Condition

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 19:57 vuln.today

CVE Published

Mar 12, 2026 - 19:16 nvd

N/A

DescriptionNVD

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6.

AnalysisAI

Workspace boundary enforcement currently has three related bypass risks. This issue tracks fixing all three in one pull request. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-32232 vulnerability details – vuln.today

Back

ZeptoClaw CVE-2026-32232

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code