CVE-2026-39965
published 2026-05-22CVE-2026-39965: TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the…
PriorityP346high7.7CVSS 3.1
AVNACLPRLUINSCCHINAN
EPSS
0.24%
14.8th percentile
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl() to block private IPs and cloud metadata hostnames. However, the HTTP clients (ky and fetch) follow 302 redirects without re-validating the redirect destination. An authenticated user can point a bot block to an attacker-controlled server that responds with a redirect to an internal IP, causing the Typebot server to reach internal services. An authenticated Typebot user can reach AWS metadata (169.254.169.254), private subnets, and container-internal services. Exploitable to extract cloud IAM credentials or probe internal APIs inaccessible from the internet. This issue has been fixed in version 3.16.0.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| baptistearno | typebot.io | < 3.16.0 | 3.16.0 |
CVSS provenance
nvdv3.17.7HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
cvelistv5v3.17.7HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CVEList
TypeBot: SSRF via Open Redirect Bypass in HTTP Request and Code Blocks
cvelistv5·2026-05-22·CVSS 7.7
CVE-2026-39965 [HIGH] CWE-918 TypeBot: SSRF via Open Redirect Bypass in HTTP Request and Code Blocks
TypeBot: SSRF via Open Redirect Bypass in HTTP Request and Code Blocks
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl() to block private IPs and cloud metadata hostnames. However, the HTTP clients (ky and fetch) follow 302 redirects without re-validating the redirect destination. An authenticated user can point a bot block to an attacker-controlled server that responds with a redirect to an internal IP, causing the Typebot server to reach internal services. An authenticated Typebot user can reach AWS metadata (169.254.169.254), private subnets, and container-internal services. Exploitable to extract cloud IAM credentials or probe internal
VulDB
baptisteArno typebot.io up to 3.15.x HTTP Request validateHttpReqUrl server-side request forgery
vuldb·2026-05-22
CVE-2026-39965 [CRITICAL] baptisteArno typebot.io up to 3.15.x HTTP Request validateHttpReqUrl server-side request forgery
A vulnerability identified as critical has been detected in baptisteArno typebot.io up to 3.15.x. Affected by this vulnerability is the function validateHttpReqUrl of the component HTTP Request Handler. The manipulation leads to server-side request forgery.
This vulnerability is referenced as CVE-2026-39965. Remote exploitation of the attack is possible. No exploit is available.
You should upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-22
Published