GHSA-HHJV-JQ77-CMVX

Vulnerability from github – Published: 2026-03-05 00:35 – Updated: 2026-03-05 00:35
VLAI?
Summary
zeptoclaw has Android device shell blocklist bypass via argument permutation
Details

Summary

zeptoclaw implements a blocklist to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with argements in the pattern literal, such as rm -f and rm -rf, this can be simply bypassed by using different orders for these arguments, such as rm -r -f or rm -fr etc.

Details

As in code src/tools/android/actions.rs#L413-L424, we can see the rm -f and rm -rf are hard coded and thus can be simply bypassed via rm -r -f or rm -fr etc.

pub async fn device_shell(adb: &AdbExecutor, cmd: &str) -> Result<String> {
    // Normalize whitespace for blocklist check
    let normalized: String = cmd.split_whitespace().collect::<Vec<_>>().join(" ");
    let lower = normalized.to_lowercase();

    let blocked = [
        "rm -rf",
        "rm -r",
        "reboot",
        "factory_reset",
        "wipe",
        "format",
        "dd if=",
        "mkfs",
        "flash",
        "fastboot",
    ];
    for pattern in &blocked {
        if lower.contains(pattern) {
            return Err(ZeptoError::Tool(format!(
                "Blocked dangerous command containing '{}'",
                pattern
            )));
        }
    }

PoC

Set up zeptoclaw with an Android tool and then run the command rm -f -r etc.

Impact

Unauthorized command executed in Android device.

Credit

@zpbrent

Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.6.1"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "zeptoclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-05T00:35:29Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n[zeptoclaw](https://github.com/qhkm/zeptoclaw) implements a [blocklist](https://github.com/qhkm/zeptoclaw/blob/fe2ef07cfec5bb46b42cdd65f52b9230c03e9270/src/tools/android/actions.rs#L413-L424) to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with argements in the pattern literal, such as `rm -f` and `rm -rf`, this can be simply bypassed by using different orders for these arguments, such as `rm -r -f` or `rm -fr` etc.\n\n### Details\nAs in code [src/tools/android/actions.rs#L413-L424](https://github.com/qhkm/zeptoclaw/blob/fe2ef07cfec5bb46b42cdd65f52b9230c03e9270/src/tools/android/actions.rs#L413-L424), we can see the `rm -f` and `rm -rf` are hard coded and thus can be simply bypassed via `rm -r -f` or `rm -fr` etc.\n```rust\npub async fn device_shell(adb: \u0026AdbExecutor, cmd: \u0026str) -\u003e Result\u003cString\u003e {\n    // Normalize whitespace for blocklist check\n    let normalized: String = cmd.split_whitespace().collect::\u003cVec\u003c_\u003e\u003e().join(\" \");\n    let lower = normalized.to_lowercase();\n\n    let blocked = [\n        \"rm -rf\",\n        \"rm -r\",\n        \"reboot\",\n        \"factory_reset\",\n        \"wipe\",\n        \"format\",\n        \"dd if=\",\n        \"mkfs\",\n        \"flash\",\n        \"fastboot\",\n    ];\n    for pattern in \u0026blocked {\n        if lower.contains(pattern) {\n            return Err(ZeptoError::Tool(format!(\n                \"Blocked dangerous command containing \u0027{}\u0027\",\n                pattern\n            )));\n        }\n    }\n```\n\n### PoC\nSet up [zeptoclaw](https://github.com/qhkm/zeptoclaw) with an Android tool and then run the command `rm -f -r` etc.\n\n### Impact\nUnauthorized command executed in Android device.\n\n### Credit\n[@zpbrent](https://github.com/zpbrent)",
  "id": "GHSA-hhjv-jq77-cmvx",
  "modified": "2026-03-05T00:35:29Z",
  "published": "2026-03-05T00:35:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-hhjv-jq77-cmvx"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qhkm/zeptoclaw/commit/68916c3e4f3af107f11940b27854fc7ef517058b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/qhkm/zeptoclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qhkm/zeptoclaw/blob/fe2ef07cfec5bb46b42cdd65f52b9230c03e9270/src/tools/android/actions.rs#L413-L424"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "zeptoclaw has Android device shell blocklist bypass via argument permutation"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.