VYPR
High severityNVD Advisory· Published Mar 12, 2026· Updated Mar 12, 2026

ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink

CVE-2026-32232

Description

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
zeptoclawcrates.io
< 0.7.60.7.6

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.