CVE-2026-32231
Published: 12 March 2026
Summary
CVE-2026-32231 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Zeptoclaw Zeptoclaw. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 19.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Enforces approved authorizations for access using verified identities rather than trusting spoofed caller-supplied sender and chat_id fields.
Requires unique identification and authentication of non-organizational users or processes accessing the webhook endpoint, mitigating missing authentication.
Explicitly identifies and limits actions permitted without identification or authentication, preventing unauthorized webhook message spoofing by default.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability exposes a network-accessible POST /webhook endpoint in a personal AI assistant that lacks authentication (defaults disabled) and blindly trusts caller-supplied identity fields (sender, chat_id). This directly enables an unauthenticated attacker to exploit a public-facing application, resulting in message spoofing and IDOR-style abuse of chat/session routing.
NVD Description
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields (sender, chat_id) from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled (auth_token: None), an attacker who can reach POST /webhook can spoof an allowlisted sender and choose arbitrary chat_id values, enabling high-risk message spoofing and potential IDOR-style session/chat routing abuse. This vulnerability is fixed in 0.7.6.
Deeper analysis
CVE-2026-32231 is a vulnerability in ZeptoClaw, a personal AI assistant, affecting versions prior to 0.7.6. The issue lies in the generic webhook channel, which trusts caller-supplied identity fields—such as sender and chat_id—from the request body and applies authorization checks to those untrusted values. Authentication is optional and defaults to disabled (auth_token: None), allowing improper verification. The vulnerability carries a CVSS v3.1 score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N) and is linked to CWE-306 (Missing Authentication for Critical Function) and CWE-345 (Insufficient Verification of Data Authenticity). It was published on 2026-03-12T19:16:17.027.
An attacker with network access to the POST /webhook endpoint can exploit this without privileges, authentication, or user interaction. By spoofing an allowlisted sender and specifying arbitrary chat_id values, they enable high-risk message spoofing and potential IDOR-style abuse in session or chat routing.
The vulnerability is addressed in ZeptoClaw 0.7.6. Mitigation details are available in the fixing commit (https://github.com/qhkm/zeptoclaw/commit/bf004a20d3687a0c1a9e052ec79536e30d6de134), pull request #324 (https://github.com/qhkm/zeptoclaw/pull/324), release tag v0.7.6 (https://github.com/qhkm/zeptoclaw/releases/tag/v0.7.6), and GitHub security advisory GHSA-46q5-g3j9-wx5c (https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-46q5-g3j9-wx5c).
ZeptoClaw's nature as a personal AI assistant underscores authentication risks in webhook channels for AI deployments where defaults permit unauthenticated access.
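The check order described above, as an added Rust illustration that is not ZeptoClaw's code and not the 0.7.6 fix: a handler that applies its allowlist to body fields with an optional token, beside one that fails closed without a token and takes the identity from server-side configuration. All type, field and function names are hypothetical, and binding one (sender, chat_id) pair to the token is an assumed hardening choice.

```rust
// Added illustration; all names are hypothetical, not ZeptoClaw's own code.
pub struct Config<'a> {
    pub auth_token: Option<&'a str>, // None = the disabled-by-default state described above
    pub allowlist: &'a [&'a str],
    pub bound: (&'a str, &'a str), // (sender, chat_id) fixed server-side for this token (assumption)
}
pub struct Req<'a> {
    pub bearer: Option<&'a str>, // token presented by the caller, if any
    pub sender: &'a str,         // request-body field, caller-controlled
    pub chat_id: &'a str,        // request-body field, caller-controlled
}
#[derive(Debug, PartialEq)]
pub enum Decision { Accept(String, String), Reject(&'static str) }

/// Weak pattern: token check is optional, allowlist is applied to a body field.
pub fn weak(cfg: &Config, r: &Req) -> Decision {
    if let Some(t) = cfg.auth_token {
        if r.bearer != Some(t) { return Decision::Reject("bad token"); }
    }
    if !cfg.allowlist.contains(&r.sender) { return Decision::Reject("sender not allowlisted"); }
    Decision::Accept(r.sender.into(), r.chat_id.into())
}

// Comparison whose timing does not depend on where the inputs differ.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |d, (x, y)| d | (x ^ y)) == 0
}

/// Hardened pattern: fail closed without a token; identity comes from config.
pub fn hardened(cfg: &Config, r: &Req) -> Decision {
    let Some(expected) = cfg.auth_token else {
        return Decision::Reject("auth_token not configured");
    };
    match r.bearer {
        Some(got) if ct_eq(got.as_bytes(), expected.as_bytes()) => {}
        _ => return Decision::Reject("bad token"),
    }
    // Body identity fields are never trusted; a mismatch is rejected, not routed.
    if (r.sender, r.chat_id) != cfg.bound { return Decision::Reject("identity mismatch"); }
    Decision::Accept(cfg.bound.0.into(), cfg.bound.1.into())
}

fn main() {
    // Constructed request: no token, an allowlisted sender name, an arbitrary chat_id.
    let cfg = Config { auth_token: None, allowlist: &["alice"], bound: ("alice", "chat-1") };
    let r = Req { bearer: None, sender: "alice", chat_id: "chat-999" };
    println!("weak: {:?}\nhardened: {:?}", weak(&cfg, &r), hardened(&cfg, &r));
}
```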
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai