Cyber Resilience

CVE-2026-32231

High · Public PoC

Published: 12 March 2026

Modified: 20 March 2026
CVSS Score v3.1: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)
EPSS Score: 0.0018 (8.1th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-32231 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in ZeptoClaw. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 8.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related: it is categorised as Enterprise AI Assistants, in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-32231 is a vulnerability in ZeptoClaw, a personal AI assistant, affecting versions prior to 0.7.6. The issue lies in the generic webhook channel, which trusts caller-supplied identity fields (such as sender and chat_id) from the request body and applies authorization checks to those untrusted values. Authentication is optional and defaults to disabled (auth_token: None), so in the default configuration the caller's identity is never verified. The vulnerability carries a CVSS v3.1 score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N) and is linked to CWE-306 (Missing Authentication for Critical Function) and CWE-345 (Insufficient Verification of Data Authenticity). It was published on 2026-03-12T19:16:17.027.

An attacker with network access to the POST /webhook endpoint can exploit this without privileges, authentication, or user interaction. By spoofing an allowlisted sender and specifying arbitrary chat_id values, they enable high-risk message spoofing and potential IDOR-style abuse in session or chat routing.

The vulnerability is addressed in ZeptoClaw 0.7.6. Mitigation details are available in the fixing commit (https://github.com/qhkm/zeptoclaw/commit/bf004a20d3687a0c1a9e052ec79536e30d6de134), pull request #324 (https://github.com/qhkm/zeptoclaw/pull/324), release tag v0.7.6 (https://github.com/qhkm/zeptoclaw/releases/tag/v0.7.6), and GitHub security advisory GHSA-46q5-g3j9-wx5c (https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-46q5-g3j9-wx5c).

Because ZeptoClaw is a personal AI assistant, the issue illustrates the authentication risk of webhook channels in AI deployments whose defaults permit unauthenticated access.
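
The pattern described above, next to one way of closing it, as an added example that is not ZeptoClaw's code or its patch. Only auth_token, sender and chat_id come from the advisory; every type, field and function name is hypothetical, and binding identity to the token in server-side configuration is an assumption about how a fix can be structured.

```rust
// Added illustration; all type, field and function names here are hypothetical,
// not ZeptoClaw's API. Only auth_token, sender and chat_id come from the advisory.
#[derive(Debug, PartialEq)]
pub enum Decision { Accept { sender: String, chat_id: String }, Reject(&'static str) }

pub struct WebhookConfig {
    pub auth_token: Option<String>, // None = authentication disabled (the affected default)
    pub allowlist: Vec<String>,
    pub bound_sender: String,       // assumption: identity bound to the token server-side
    pub bound_chat_id: String,
}
pub struct Inbound<'a> { pub bearer: Option<&'a str>, pub sender: &'a str, pub chat_id: &'a str }

// Comparison whose timing does not depend on where the first mismatch occurs.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}
fn token_ok(expected: &str, presented: Option<&str>) -> bool {
    presented.map_or(false, |p| ct_eq(p.as_bytes(), expected.as_bytes()))
}

// Flawed pattern: no token configured means no check, and the allowlist is
// evaluated against a sender value the caller wrote into the body.
pub fn handle_trusting_body(cfg: &WebhookConfig, req: &Inbound) -> Decision {
    if let Some(tok) = cfg.auth_token.as_deref() {
        if !token_ok(tok, req.bearer) { return Decision::Reject("bad token"); }
    }
    if !cfg.allowlist.iter().any(|s| s == req.sender) {
        return Decision::Reject("sender not allowlisted");
    }
    Decision::Accept { sender: req.sender.to_string(), chat_id: req.chat_id.to_string() }
}

// Hardened pattern: fail closed without a token, and take identity and routing
// from server-side configuration; body-supplied sender/chat_id are ignored.
pub fn handle_hardened(cfg: &WebhookConfig, req: &Inbound) -> Decision {
    let tok = match cfg.auth_token.as_deref() {
        Some(t) if !t.is_empty() => t,
        _ => return Decision::Reject("webhook auth not configured"),
    };
    if !token_ok(tok, req.bearer) { return Decision::Reject("bad token"); }
    Decision::Accept { sender: cfg.bound_sender.clone(), chat_id: cfg.bound_chat_id.clone() }
}

fn main() {
    let cfg = WebhookConfig { auth_token: None, allowlist: vec!["alice".into()],
        bound_sender: "alice".into(), bound_chat_id: "chat-1".into() };
    let req = Inbound { bearer: None, sender: "alice", chat_id: "chat-999" }; // constructed request
    println!("{:?}", handle_trusting_body(&cfg, &req));
    println!("{:?}", handle_hardened(&cfg, &req));
}
```

When auditing a deployment, the equivalent check is whether the webhook channel has a token configured at all and whether any routing decision still reads identity from the request body.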

Vulnerability details

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields (sender, chat_id) from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled (auth_token: None), an attacker who can reach POST /webhook can spoof an allowlisted sender and choose arbitrary chat_id values, enabling high-risk message spoofing and potential IDOR-style session/chat routing abuse. This vulnerability is fixed in 0.7.6.

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerability exposes a network-accessible POST /webhook endpoint in a personal AI assistant that lacks authentication (defaults disabled) and blindly trusts caller-supplied identity fields (sender, chat_id). This directly enables an unauthenticated attacker to exploit a public-facing application, resulting in message spoofing and IDOR-style abuse of chat/session routing.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2023-4815: Shared CWE-306
CVE-2026-25474: Shared CWE-345
CVE-2026-26319: Shared CWE-306
CVE-2026-44847: Shared CWE-306
CVE-2026-4810: Shared CWE-306
CVE-2026-32211: Shared CWE-306
CVE-2025-53847: Shared CWE-306
CVE-2025-61757: Shared CWE-306
CVE-2025-68715: Shared CWE-306
CVE-2026-21992: Shared CWE-306

Affected Assets

zeptoclaw zeptoclaw ≤ 0.7.5

Mitigating Controls (NIST 800-53 r5)

Prevent: Enforces approved authorizations for access using verified identities rather than trusting spoofed caller-supplied sender and chat_id fields.

Prevent: Requires unique identification and authentication of non-organizational users or processes accessing the webhook endpoint, mitigating missing authentication.

Prevent: Explicitly identifies and limits actions permitted without identification or authentication, preventing unauthorized webhook message spoofing by default.

References