Zeptoclaw

1 CVEs product

CVE-2026-32231 Cargo HIGH POC PATCH This Week

High severity vulnerability in ZeptoClaw. The generic webhook channel trusts caller-supplied identity fields (`sender`, `chat_id`) from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled (`auth_token: None`), an attacker who can reach `POST /webhook` can spoof an allowlisted sender and choose arbitrary `chat_id` values, enabling high-risk message sp...

Authentication Bypass Zeptoclaw
NVD GitHub VulDB
CVSS 3.1: 8.2
EPSS: 0.0%
