Typebot CVE-2026-28444
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker can supply their own typebotId alongside any victim's resultId to read execution logs from other workspaces, leaking sensitive data including HTTP response bodies, AI model outputs, and webhook payloads. Every other result-scoped endpoint in the same router properly validates that the resultId belongs to the authorized typebotId. This confirms the missing check is an oversight, not a design choice. This issue has been fixed in version 3.15.2.
AnalysisAI
Insecure Direct Object Reference (IDOR) in Typebot's getResultLogs API endpoint allows any authenticated user to read execution logs belonging to other workspaces by supplying an arbitrary victim resultId alongside their own authorized typebotId. The endpoint authorizes the caller by typebotId but fetches log records by resultId alone, skipping cross-ownership validation that all peer endpoints in the same router correctly enforce. Exploitation exposes sensitive runtime data including HTTP response bodies, AI model outputs, and webhook payloads. No public exploit or CISA KEV listing has been identified at time of analysis, but the straightforward nature of the IDOR - requiring only a valid session and a guessed or enumerated resultId - makes unauthorized data access realistic for any authenticated platform user.
Technical ContextAI
Typebot is an open-source chatbot builder (cpe:2.3:a:baptistearno:typebot.io:*:*:*:*:*:*:*:*) with a tRPC/Next.js API layer. The vulnerable handler, handleGetResultLogs in apps/builder/src/features/results/api/handleGetResultLogs.ts, performs a Prisma database query using only the caller-supplied resultId as the lookup key, without joining or filtering on typebotId. CWE-639 (Authorization Through User-Controlled Key) precisely describes this root cause: authorization decisions rely on a user-controlled identifier (typebotId) that is never bound to the resource being fetched (resultId), creating a horizontal privilege escalation path. The fix, visible in commit d82b2d47c86ae614a08d4073c669ca64442faff2, changes the Prisma where clause from a flat resultId lookup to a compound condition requiring both id: resultId and typebotId: typebotId to match simultaneously, bringing the handler in line with all sibling endpoints.
RemediationAI
Upgrade Typebot to v3.16.0 or later, which contains the validated fix per the GitHub release at https://github.com/baptisteArno/typebot.io/releases/tag/v3.16.0 and the patching commit at https://github.com/baptisteArno/typebot.io/commit/d82b2d47c86ae614a08d4073c669ca64442faff2. The security advisory is published at https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-c63p-mqx5-75r7. If an immediate upgrade is not feasible, network-layer mitigations are limited because the vulnerability resides in authenticated API logic; however, operators can restrict API access to trusted IP ranges or require VPN for builder access to limit the pool of authenticated users who could exploit the flaw. Disabling cross-workspace result log sharing or temporarily restricting the /api/typebots/{id}/results/{resultId}/logs endpoint via a reverse proxy rule are short-term options, though the latter may break legitimate logging workflows. Patch application is the only complete remediation.
More in Typebot Io
View allServer-Side Request Forgery in Typebot chatbot builder versions 3.15.2 and prior allows unauthenticated remote attackers
Unauthenticated cross-tenant file upload in Typebot.io chatbot builder versions 3.16.1 and earlier allows anonymous visi
Stored cross-site scripting in Typebot chatbot builder versions 3.15.2 and prior allows a malicious imported or collabor
Server-side request forgery in Typebot chatbot builder before version 3.17.2 allows remote unauthenticated attackers to
Server-side request forgery in Typebot before 3.17.2 lets an authenticated workspace editor or creator bypass the shared
Server-side request forgery in Typebot versions 3.15.2 and prior allows authenticated users to bypass the validateHttpRe
Server-side request forgery in Typebot chatbot builder versions prior to 3.16.0 allows authenticated users to bypass SSR
Cross-workspace tampering in Typebot 3.15.2 and earlier allows any authenticated workspace member to modify or delete th
Authorization bypass in Typebot chatbot builder versions 3.15.2 and prior allows any authenticated user to access creden
Missing HMAC signature validation on Typebot's WhatsApp Cloud API webhook endpoint exposes versions 3.16.0 and prior to
Typebot 3.15.2 exposes complete private bot definitions across all workspaces to any authenticated platform user via a b
Stored XSS in Typebot's JavaScript viewer embed (packages/embeds/js) allows any authenticated bot author - including fre
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today