
Baptistearno Typebot.Io vulnerabilities

18 known vulnerabilities affecting baptistearno/typebot.io.

Total CVEs: 18
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 9, MEDIUM 4, LOW 1

Vulnerabilities

CVE-2026-33712 | P2 | CRITICAL | CVSS 10.0 | fixed in 3.16.0 | 2026-05-22
CWE-862: Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Request Forgery (SSRF) by supplying a custom typebot definition with server-side code blocks. The fetch function exposed inside the isolated-vm sandbox
Sources: cvelistv5, nvd
CVE-2025-64709 | P2 | CRITICAL | CVSS 9.9 | fixed in 3.13.1 | 2025-11-13
CWE-918: Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block (HTTP Request component) functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance Metadata Service (IMDS). By bypassing IMDSv2 prot
Sources: nvd
CVE-2026-48768 | P3 | CRITICAL | CVSS 9.3 | fixed in 3.17.0 | 2026-06-18
CWE-22: TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object keys, while issuing presigned PUT URLs that do not bind Content-Type. As a result, any anonymous visitor to a published bot with a file input can
Sources: cvelistv5, nvd
CVE-2026-48764 | P3 | HIGH | CVSS 8.2 | fixed in 3.17.2 | 2026-06-18
CWE-918: TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range, allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard. The validator resolves the hostname and approves it, but
Sources: cvelistv5, nvd
CVE-2026-28445 | P3 | HIGH | CVSS 8.7 | fixed in 3.16.0 | 2026-05-22
CWE-79: Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere in the codebase (e.g., StreamingBubble.tsx). Because rati
Sources: cvelistv5, nvd
CVE-2026-34207 | P3 | HIGH | CVSS 7.6 | fixed in 3.16.0 | 2026-05-22
CWE-20: TypeBot is a chatbot builder tool. In versions prior to 3.16.0, SSRF protection for Webhook / HTTP Request blocks validates only the URL string, blocked hostname literals, and literal IP formats. It does not resolve DNS before allowing the request. As a result, a hostname such as ssrf-repro.example that resolves to 127.0.0.1, 169.254.169.254, or RFC191
Sources: cvelistv5, nvd
CVE-2025-64706 | P3 | HIGH | CVSS 7.5 | v >= 3.9.0, < 3.13.0 | 2025-11-13
CWE-284: Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing the target user's ID and token ID, without requiring aut
Sources: nvd
CVE-2026-39970 | P3 | HIGH | CVSS 8.5 | fixed in 3.16.0 | 2026-05-22
CWE-79: TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading a crafted malicious SVG file containing embedded JavaScri
Sources: cvelistv5, nvd
CVE-2026-39965 | P3 | HIGH | CVSS 7.7 | fixed in 3.16.0 | 2026-05-22
CWE-918: TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl() to block private IPs and cloud metadata hostnames. However, the HTTP clients (ky and fetch) follow 302 redirects without re-validating the redirect dest
Sources: cvelistv5, nvd
CVE-2025-65098 | P3 | HIGH | CVSS 7.4 | fixed in 3.13.2 | 2026-01-22
CWE-79: Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The `/api/tr
Sources: nvd
CVE-2024-30264 | P3 | CRITICAL | CVSS 9.3 | fixed in 2.24.0 | 2024-04-04
CWE-79: Typebot is an open-source chatbot builder. A reflected cross-site scripting (XSS) in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the `redirectPath` parameter from the URL. If a user clicks on a link where the `redirectPath` parameter has a javascript scheme, the att
Sources: nvd
CVE-2026-39968 | P3 | HIGH | CVSS 7.1 | fixed in 3.16.0 | 2026-05-22
CWE-284: TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 ("Credential Theft via Client-Side Script Execution and API Authorization Bypass") is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the bot-engine runtime still allows any authenticated user to u
Sources: cvelistv5, nvd
CVE-2026-28444 | P3 | MEDIUM | CVSS 6.5 | fixed in 3.16.0 | 2026-05-22
CWE-639: Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker can supply their own typebotId alongside any victim's
Sources: cvelistv5, nvd
CVE-2026-39969 | P3 | MEDIUM | CVSS 6.5 | fixed in 3.17.0 | 2026-05-22
CWE-287: TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint (POST /v1/workspaces/{workspaceId}/whatsapp/{credentialsId}/webhook) does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both workspaceId and credentialsId as path parameters,
Sources: cvelistv5, nvd
CVE-2026-48759 | P3 | HIGH | CVSS 7.1 | fixed in 3.16.0 | 2026-06-17
CWE-639: TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability through cross-workspace Theme Template modification and deletion. The handleSaveThemeTemplate and handleDeleteThemeTemplate handlers validate that the authenticated user is a non-guest member of the provided workspaceId, but then operate
Sources: cvelistv5, nvd
CVE-2026-39966 | P3 | MEDIUM | CVSS 6.5 | fixed in 3.16.0 | 2026-05-22
CWE-863: TypeBot is a chatbot builder tool. In version 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block, regardless of workspace ownership, leading to IDOR. The authorization check uses Array.filter() with an async callback; since filter() is synchronous
Sources: cvelistv5, nvd
CVE-2026-39964 | P4 | MEDIUM | CVSS 5.4 | fixed in 3.16.0 | 2026-05-22
CWE-79: TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer (packages/embeds/js) renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser context when clicked. Since the viewer is typically embed
Sources: cvelistv5, nvd
CVE-2026-39967 | P4 | LOW | CVSS 3.1 | fixed in 3.16.0 | 2026-05-22
CWE-639: TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's findResult query does not filter results by typebotId, allowing an authenticated user to load result data (user answers, variable values) from a different typebot by supplying a foreign resultId to the startChat endpoint. Exploitation is constrained by CUID2's cryptog
Sources: cvelistv5, nvd