CVE-2026-32232: ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink
Workspace boundary enforcement currently has three related bypass risks. This issue tracks fixing all three in one pull request.
References
- github.com/advisories/GHSA-2m67-cxxq-c3h8
- github.com/qhkm/zeptoclaw
- github.com/qhkm/zeptoclaw/commit/bf004a20d3687a0c1a9e052ec79536e30d6de134
- github.com/qhkm/zeptoclaw/commit/f50c17e11ae3e2d40c96730abac41974ef2ee2a8
- github.com/qhkm/zeptoclaw/pull/324
- github.com/qhkm/zeptoclaw/releases/tag/v0.7.6
- github.com/qhkm/zeptoclaw/security/advisories/GHSA-2m67-cxxq-c3h8
- nvd.nist.gov/vuln/detail/CVE-2026-32232