ZeptoClaw Android Shell Bypass Risk on Android Devices
GHSA-hhjv-jq77-cmvx
Summary
ZeptoClaw's Android device shell tool screens commands against a blocklist of substrings such as `rm -rf` and `rm -r`. Because the check is a literal substring match, a command that rearranges or respells its arguments (for example `rm -fr` or `rm -f -r`) is not recognised and is executed on the connected device, allowing recursive forced deletion or other actions the blocklist was meant to stop. Users should update to a fixed version of ZeptoClaw.
What to do
- Update zeptoclaw to version 0.6.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | zeptoclaw | <= 0.6.1 | 0.6.2 |
Original title
zeptoclaw has Android device shell blocklist bypass via argument permutation
Original description
### Summary
[zeptoclaw](https://github.com/qhkm/zeptoclaw) implements a [blocklist](https://github.com/qhkm/zeptoclaw/blob/fe2ef07cfec5bb46b42cdd65f52b9230c03e9270/src/tools/android/actions.rs#L413-L424) to prevent dangerous commands from running in the Android device shell. Several entries are command-plus-argument literals, such as `rm -rf` and `rm -r`, and they are compared against the command with a plain substring check. Any spelling that avoids those exact literals evades the check, for example `rm -fr` or `rm -f -r` (note that `rm -r -f` still contains the `rm -r` literal and is caught by the code quoted below).
### Details
In [src/tools/android/actions.rs#L413-L424](https://github.com/qhkm/zeptoclaw/blob/fe2ef07cfec5bb46b42cdd65f52b9230c03e9270/src/tools/android/actions.rs#L413-L424) the `rm -rf` and `rm -r` patterns are hard-coded and tested with `contains` on the whitespace-normalised, lower-cased command, so argument permutations such as `rm -fr` or `rm -f -r` pass straight through.
```rust
pub async fn device_shell(adb: &AdbExecutor, cmd: &str) -> Result<String> {
    // Normalize whitespace for blocklist check
    let normalized: String = cmd.split_whitespace().collect::<Vec<_>>().join(" ");
    let lower = normalized.to_lowercase();
    let blocked = [
        "rm -rf",
        "rm -r",
        "reboot",
        "factory_reset",
        "wipe",
        "format",
        "dd if=",
        "mkfs",
        "flash",
        "fastboot",
    ];
    for pattern in &blocked {
        if lower.contains(pattern) {
            return Err(ZeptoError::Tool(format!(
                "Blocked dangerous command containing '{}'",
                pattern
            )));
        }
    }
```
### PoC
Set up [zeptoclaw](https://github.com/qhkm/zeptoclaw) with the Android tool enabled and issue `rm -f -r <path>` (or `rm -fr <path>`) through the device shell action. Neither string contains the `rm -rf` or `rm -r` literals, so the blocklist check passes and the command reaches the device.
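The following is an added example and not zeptoclaw's code. `blocked_by_substring` reproduces the advisory's substring check so the permutations from the Details and PoC sections above can be run against it; `blocked_by_tokens` is a hypothetical hardened check (not the project's actual 0.6.2 fix, which is not shown on this page) that first refuses shell metacharacters, since the string ends up in a device shell where `;` or `|` would let a second command ride along, and then inspects argv so that `-rf`, `-fr`, `-f -r` and `--recursive --force` are all treated alike. The sample commands are constructed for the demonstration.

```rust
// Added example, not zeptoclaw's code. `blocked_by_substring` mirrors the
// advisory's check; `blocked_by_tokens` is a hypothetical hardened check and
// is not the project's real fix.

/// The advisory's check: substring match over a whitespace-normalised,
/// lower-cased command. Returns the pattern that matched, if any.
fn blocked_by_substring(cmd: &str) -> Option<&'static str> {
    let normalized: String = cmd.split_whitespace().collect::<Vec<_>>().join(" ");
    let lower = normalized.to_lowercase();
    const BLOCKED: [&str; 10] = [
        "rm -rf", "rm -r", "reboot", "factory_reset", "wipe",
        "format", "dd if=", "mkfs", "flash", "fastboot",
    ];
    BLOCKED.iter().copied().find(|p| lower.contains(*p))
}

/// Hypothetical hardened check: refuse anything that could be more than one
/// simple command, then reason about argv instead of raw substrings.
fn blocked_by_tokens(cmd: &str) -> Result<(), String> {
    // The string is run by a shell on the device, so any metacharacter (or
    // quoting, which split_whitespace cannot interpret) lets an attacker smuggle
    // a second command or a disguised flag past a prefix check.
    const META: [char; 13] = [
        ';', '|', '&', '$', '`', '>', '<', '(', ')', '\n', '\\', '"', '\'',
    ];
    if let Some(c) = cmd.chars().find(|c| META.contains(c)) {
        return Err(format!("shell metacharacter {:?} not allowed", c));
    }
    let tokens: Vec<&str> = cmd.split_whitespace().collect();
    // Compare on the basename so `/system/bin/reboot` and `reboot` are equal.
    let prog = match tokens.first() {
        Some(&p) => p.rsplit('/').next().unwrap_or(p).to_ascii_lowercase(),
        None => return Err("empty command".to_string()),
    };
    // Programs that are dangerous whatever their arguments. (The advisory's
    // "wipe", "format" and "factory_reset" substrings are not program names
    // and would belong to an allowlist of permitted actions instead.)
    const DENIED_PROGRAMS: [&str; 5] = ["reboot", "dd", "mkfs", "fastboot", "flash"];
    if DENIED_PROGRAMS.contains(&prog.as_str()) {
        return Err(format!("program '{}' is blocked", prog));
    }
    if prog == "rm" {
        // Accumulate flags from every option token, so -rf, -fr, -f -r and
        // --recursive --force all end up setting the same booleans.
        let (mut recursive, mut force) = (false, false);
        for t in &tokens[1..] {
            match *t {
                "--" => break,
                "--recursive" => recursive = true,
                "--force" => force = true,
                s if s.starts_with("--") => {}
                s if s.starts_with('-') => {
                    for c in s[1..].chars() {
                        match c {
                            'r' | 'R' => recursive = true,
                            'f' => force = true,
                            _ => {}
                        }
                    }
                }
                _ => {}
            }
        }
        if recursive || force {
            return Err("rm with recursive or force flags is blocked".to_string());
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample commands: the advisory's permutations plus a chained one.
    let samples = [
        "rm -rf /sdcard",
        "rm -r -f /sdcard",
        "rm -fr /sdcard",
        "rm -f -r /sdcard",
        "rm --recursive --force /sdcard",
        "ls /sdcard; rm -fr /sdcard",
    ];
    for cmd in samples {
        println!(
            "{:32} substring: {:?}  tokens: {:?}",
            cmd,
            blocked_by_substring(cmd),
            blocked_by_tokens(cmd)
        );
    }
}
```

Running `main` shows the substring check stopping only `rm -rf` and `rm -r -f` while `rm -fr`, `rm -f -r`, the long-option form and the chained `ls ...; rm -fr ...` all pass; the token check rejects every one of them and still allows a plain `rm <file>` or `ls`. The token approach is still a denylist and can only be as complete as its list of programs and flags; for a tool that exposes a device shell to an automated agent, an allowlist of specific permitted commands is the sound design.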
### Impact
Commands the blocklist was meant to stop, including recursive forced deletion of files, are executed on the connected Android device through the adb-backed device shell.
### Credit
[@zpbrent](https://github.com/zpbrent)
CVSS 3.1 (GHSA): 7.5
Vulnerability type
CWE-78
OS Command Injection
Published: 5 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026