GHSA-HHJV-JQ77-CMVX: Android Shell Blocklist Bypass in Zeptoclaw via Argument Permutation
Vulnerability ID: GHSA-HHJV-JQ77-CMVX
CVSS Score: High
Published: 2026-03-05
The zeptoclaw Rust framework contains a security bypass vulnerability in its Android device shell interface (device_shell). The vulnerability allows attackers to execute dangerous commands, specifically recursive file deletions (rm -rf), by circumventing a naive blocklist implementation. The original security control relied on literal substring matching, which fails to account for argument permutations, alternative flag syntax, or binary aliasing (e.g., busybox rm). This flaw permits malicious agents or attackers with access to the framework's shell tool to perform destructive actions on connected Android devices.
TL;DR
A blocklist bypass in zeptoclaw's Android shell tool allows execution of banned commands like 'rm -rf' via argument splitting (e.g., 'rm -r -f').
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-184 (Incomplete List of Disallowed Inputs)
- Attack Vector: Local / Remote (via Agent Interface)
- Severity: High
- Exploit Status: Functional PoC
- Affected Component: device_shell() function
- Patch Commit: 68916c3e4f3af107f11940b27854fc7ef517058b
Affected Systems
- zeptoclaw (Rust Crate)
- Android devices connected via ADB to vulnerable zeptoclaw instances
-
zeptoclaw: < 1.1.0 (Fixed in:
1.1.0)
Code Analysis
Commit: 68916c3
Fix Android device shell blocklist bypass via robust argument parsing
fn is_rm_recursive_force(tokens: &[&str]) -> bool { ... }
Mitigation Strategies
- Semantic Argument Parsing
- Input Tokenization
- Least Privilege Execution
Remediation Steps:
- Update
zeptoclawto the latest version (commit 68916c3 or later). - Audit existing agent scripts for attempts to use
rmwith flag permutations. - Restrict ADB user permissions on target Android devices where possible.
References
Read the full report for GHSA-HHJV-JQ77-CMVX on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)