CVE-2026-28445
published 2026-05-22CVE-2026-28445: Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg…
PriorityP351high8.7CVSS 3.1
AVNACLPRLUIRSCCHIHAN
EPSS
0.26%
16.9th percentile
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere in the codebase (e.g., StreamingBubble.tsx). Because rating blocks are not flagged as isUnsafe by the import sanitizer and the builder preview renders bots inline on the builder's own origin (builder.typebot.io) under a CSP permitting 'unsafe-inline', a malicious imported or collaborator-crafted typebot can execute arbitrary HTML/JS in the builder's authenticated context, bypassing the Web Worker sandbox that protects Script blocks during preview. This allows session hijacking and privilege escalation within the builder application. This issue has been fixed in version 3.16.0.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| baptistearno | typebot.io | < 3.16.0 | 3.16.0 |
| typebot.io | js | >= 0 < 0.10.1 | 0.10.1 |
CVSS provenance
nvdv3.18.7HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
cvelistv5v3.18.7HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview
ghsa·2026-05-26
CVE-2026-28445 [HIGH] CWE-79 Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview
Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview
## Summary
The rating block's custom icon feature accepts arbitrary HTML/SVG via the `customIcon.svg` field and renders it using Solid's `innerHTML` directive without any sanitization. When a malicious typebot is imported or crafted by a workspace collaborator, the payload executes in the builder's DOM context (builder.typebot.io), bypassing the `isUnsafe` Web Worker sandbox that protects Script blocks during preview. This allows session hijacking and privilege escalation within the builder application.
## Severity
**High** (CVSS 3.1: 8.7)
`CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N`
- **Attack Vector:** Network — malicious typebot can be delivered via import/template sharing or craf
CVEList
Typebot: Stored XSS via Rating Block Custom Icon Bypasses isUnsafe Sandbox in Builder Preview
cvelistv5·2026-05-22·CVSS 8.7
CVE-2026-28445 [HIGH] CWE-79 Typebot: Stored XSS via Rating Block Custom Icon Bypasses isUnsafe Sandbox in Builder Preview
Typebot: Stored XSS via Rating Block Custom Icon Bypasses isUnsafe Sandbox in Builder Preview
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere in the codebase (e.g., StreamingBubble.tsx). Because rating blocks are not flagged as isUnsafe by the import sanitizer and the builder preview renders bots inline on the builder's own origin (builder.typebot.io) under a CSP permitting 'unsafe-inline', a malicious imported or collaborator-crafted typebot can execute arbitrary HTML/JS in the builder's authenticated context, bypassing the Web Worker sandbox
VulDB
baptisteArno typebot.io up to 3.15.x RatingButton cross site scripting
vuldb·2026-05-22
CVE-2026-28445 [LOW] baptisteArno typebot.io up to 3.15.x RatingButton cross site scripting
A vulnerability labeled as problematic has been found in baptisteArno typebot.io up to 3.15.x. The affected element is an unknown function of the component RatingButton Component. Such manipulation leads to cross site scripting.
This vulnerability is listed as CVE-2026-28445. The attack may be performed from remote. There is no available exploit.
The affected component should be upgraded.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/baptisteArno/typebot.io/commit/474ecbf46bc47a75265bada2599f12b2179de375https://github.com/baptisteArno/typebot.io/releases/tag/v3.16.0https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-6m7c-xfhp-p9fhhttps://github.com/baptisteArno/typebot.io/security/advisories/GHSA-6m7c-xfhp-p9fh
2026-05-22
Published