CVE-2026-32232
Symlink and TOCTOU Vulnerabilities in ZeptoClaw AI Assistant
Publication date: 2026-03-12
Last updated on: 2026-03-19
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aisarlabs | zeptoclaw | up to and including 0.7.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-62 | The product, when opening a file or directory, does not sufficiently account for when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32232 is a high-severity vulnerability in the ZeptoClaw AI assistant (versions ≤ 0.7.5) caused by improper enforcement of workspace boundary checks. It allows an attacker to bypass those checks in three ways: a dangling symlink component bypass, a TOCTOU (Time-of-Check to Time-of-Use) race condition, and a hardlink alias bypass.
- Dangling Symlink Component Bypass: Attackers can create symlinks inside the workspace that point to non-existent targets during validation, then later create those targets outside the workspace to escape boundary checks.
- TOCTOU Race Condition: There is a time gap between path validation and actual file operations, allowing attackers to replace path components with links to external locations, bypassing workspace restrictions.
- Hardlink Alias Bypass: Files inside the workspace can be hardlinks to files outside the workspace, enabling unauthorized read/write access beyond the intended boundaries.
Overall, these issues allow unauthorized cross-path boundary access, enabling read and write operations outside the designated workspace, which can lead to serious security breaches.
How can this vulnerability impact me?
This vulnerability can impact you by allowing unauthorized access to files and directories outside the intended workspace boundaries in ZeptoClaw. Attackers can exploit symlink and hardlink weaknesses and race conditions to read or write files they should not have access to.
- Unauthorized read/write access to sensitive files outside the workspace.
- Potential data leakage or corruption due to escaping workspace restrictions.
- Compromise of system integrity by manipulating files outside the controlled environment.
Such impacts can lead to security breaches, data loss, or unauthorized data modification.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves path traversal via symlinks, TOCTOU race conditions, and hardlink aliasing within the ZeptoClaw workspace. Detection therefore means checking for dangling symlinks, for gaps between path validation and use, and for hardlinks whose inodes live outside the workspace.
To detect potential exploitation or presence of this vulnerability on your system, you can:
- Look for dangling symlinks inside the workspace by using commands like `find /path/to/workspace -type l ! -exec test -e {} \; -print` which lists symlinks whose targets do not exist.
- Check for hardlinks inside the workspace that have multiple links (nlink > 1) using `find /path/to/workspace -type f -links +1 -exec ls -l {} \;` to identify files that may alias external inodes.
- Monitor for race conditions (TOCTOU) by auditing filesystem operations that validate paths and then use them, ensuring that path validation and use happen atomically or with revalidation.
The referenced resources provide no command that detects a TOCTOU exploit directly; what closes that gap is making sure your tools or scripts revalidate a path immediately before every filesystem operation on it.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability in ZeptoClaw, the following immediate steps are recommended:
- Upgrade ZeptoClaw to version 0.7.6 or later, where the vulnerability is fixed.
- Ensure that path validation uses `symlink_metadata()` (or equivalent) instead of `exists()` to detect and reject dangling symlinks outright.
- Implement immediate path revalidation (e.g., a `revalidate_path()` function) right before every filesystem operation to prevent TOCTOU race conditions.
- Block write operations on files with multiple hard links by checking the link count (`nlink`) before writes to prevent hardlink alias bypass.
- Audit and log all security violations related to symlink escapes, dangling symlinks, TOCTOU escapes, and hardlink escapes.
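The checks listed in the mitigation steps above, and the detection sweep from the earlier detection question, written out as one Rust module. This is an added example, not ZeptoClaw's own code and not its API: the names `Workspace`, `validate`, `open_for_write`, `scan` and `Violation` are assumptions chosen here, and it assumes a Unix host (it uses `std::os::unix::fs::MetadataExt` for `nlink`, `dev` and `ino`). `validate` walks each component with `symlink_metadata` (lstat), so a dangling symlink is rejected where an `exists()` check would have passed it; `open_for_write` refuses files with more than one hard link and then revalidates on the handle it actually holds, comparing the opened inode to the one that passed the check, which is one way to implement the "revalidate right before the operation" step; `scan` reports the same conditions the two `find` commands look for.

```rust
use std::fs::{self, File, OpenOptions};
use std::io;
use std::os::unix::fs::MetadataExt; // dev(), ino(), nlink()
use std::path::{Component, Path, PathBuf};

/// Boundary violations this (hypothetical) checker reports.
#[derive(Debug, PartialEq)]
pub enum Violation {
    /// The path, or a symlink on it, resolves outside the workspace root.
    EscapesWorkspace(PathBuf),
    /// A symlink on the path has no target yet; `exists()` would not notice it.
    DanglingSymlink(PathBuf),
    /// The file has more than one hard link, so it may alias an inode outside the root.
    HardlinkAlias(PathBuf, u64),
    /// The inode we opened is not the one we validated (a component was swapped).
    Swapped(PathBuf),
    Io(String),
}

fn io_err(p: &Path, e: io::Error) -> Violation {
    Violation::Io(format!("{}: {}", p.display(), e))
}

pub struct Workspace {
    root: PathBuf,
}

impl Workspace {
    pub fn open(root: &Path) -> io::Result<Workspace> {
        Ok(Workspace { root: fs::canonicalize(root)? })
    }

    /// Walk `relative` one component at a time with lstat (`symlink_metadata`), so a
    /// symlink is seen as a symlink even when its target does not exist yet. Every
    /// symlink must resolve now and stay under the root. Returns the resolved path and
    /// its metadata so the caller can re-check the inode after opening.
    pub fn validate(&self, relative: &Path) -> Result<(PathBuf, fs::Metadata), Violation> {
        let mut cur = self.root.clone();
        for comp in relative.components() {
            match comp {
                Component::Normal(name) => cur.push(name),
                Component::CurDir => continue,
                // `..`, a root or a drive prefix would step out of the workspace.
                _ => return Err(Violation::EscapesWorkspace(relative.to_path_buf())),
            }
            let md = fs::symlink_metadata(&cur).map_err(|e| io_err(&cur, e))?;
            if md.file_type().is_symlink() {
                let target = fs::canonicalize(&cur)
                    .map_err(|_| Violation::DanglingSymlink(cur.clone()))?;
                if !target.starts_with(&self.root) {
                    return Err(Violation::EscapesWorkspace(cur));
                }
                cur = target;
            }
        }
        let md = fs::symlink_metadata(&cur).map_err(|e| io_err(&cur, e))?;
        Ok((cur, md))
    }

    /// Validate, refuse files with nlink > 1, open, then confirm that the handle refers to
    /// the inode that passed validation. A component swapped between the check and the
    /// open shows up as a (dev, ino) mismatch and the handle is discarded unused.
    pub fn open_for_write(&self, relative: &Path) -> Result<File, Violation> {
        let (path, checked) = self.validate(relative)?;
        if checked.nlink() > 1 {
            return Err(Violation::HardlinkAlias(path, checked.nlink()));
        }
        let file = OpenOptions::new().write(true).open(&path).map_err(|e| io_err(&path, e))?;
        let opened = file.metadata().map_err(|e| io_err(&path, e))?;
        if (opened.dev(), opened.ino()) != (checked.dev(), checked.ino()) {
            return Err(Violation::Swapped(path));
        }
        Ok(file)
    }

    /// Detection sweep over an existing workspace: dangling symlinks, symlinks that leave
    /// the root, and regular files with more than one link (what the `find` commands list).
    pub fn scan(&self) -> Vec<Violation> {
        let mut found = Vec::new();
        self.walk(&self.root, &mut found);
        found
    }

    fn walk(&self, dir: &Path, found: &mut Vec<Violation>) {
        let entries = match fs::read_dir(dir) {
            Ok(e) => e,
            Err(_) => return,
        };
        for entry in entries.flatten() {
            let p = entry.path();
            let md = match fs::symlink_metadata(&p) {
                Ok(m) => m,
                Err(_) => continue,
            };
            if md.file_type().is_symlink() {
                match fs::canonicalize(&p) {
                    Err(_) => found.push(Violation::DanglingSymlink(p)),
                    Ok(t) if !t.starts_with(&self.root) => found.push(Violation::EscapesWorkspace(p)),
                    Ok(_) => {}
                }
            } else if md.is_dir() {
                self.walk(&p, found);
            } else if md.nlink() > 1 {
                found.push(Violation::HardlinkAlias(p, md.nlink()));
            }
        }
    }
}
```

The inode comparison in `open_for_write` is what makes the revalidation meaningful: re-running a path check before the open still leaves a window, whereas comparing the metadata of the open descriptor against the metadata gathered during validation tells you whether the file you hold is the file you checked. The `nlink > 1` rule is deliberately blunt, as the advisory's mitigation suggests; a workspace that legitimately uses hard links would need an allowlist instead.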