Skip to main content

Typebot CVE-2026-28444

MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-05-22 GitHub_M
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 22, 2026 - 16:46 vuln.today
Analysis Generated
May 22, 2026 - 16:46 vuln.today

DescriptionGitHub Advisory

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker can supply their own typebotId alongside any victim's resultId to read execution logs from other workspaces, leaking sensitive data including HTTP response bodies, AI model outputs, and webhook payloads. Every other result-scoped endpoint in the same router properly validates that the resultId belongs to the authorized typebotId. This confirms the missing check is an oversight, not a design choice. This issue has been fixed in version 3.15.2.

AnalysisAI

Insecure Direct Object Reference (IDOR) in Typebot's getResultLogs API endpoint allows any authenticated user to read execution logs belonging to other workspaces by supplying an arbitrary victim resultId alongside their own authorized typebotId. The endpoint authorizes the caller by typebotId but fetches log records by resultId alone, skipping cross-ownership validation that all peer endpoints in the same router correctly enforce. Exploitation exposes sensitive runtime data including HTTP response bodies, AI model outputs, and webhook payloads. No public exploit or CISA KEV listing has been identified at time of analysis, but the straightforward nature of the IDOR - requiring only a valid session and a guessed or enumerated resultId - makes unauthorized data access realistic for any authenticated platform user.

Technical ContextAI

Typebot is an open-source chatbot builder (cpe:2.3:a:baptistearno:typebot.io:*:*:*:*:*:*:*:*) with a tRPC/Next.js API layer. The vulnerable handler, handleGetResultLogs in apps/builder/src/features/results/api/handleGetResultLogs.ts, performs a Prisma database query using only the caller-supplied resultId as the lookup key, without joining or filtering on typebotId. CWE-639 (Authorization Through User-Controlled Key) precisely describes this root cause: authorization decisions rely on a user-controlled identifier (typebotId) that is never bound to the resource being fetched (resultId), creating a horizontal privilege escalation path. The fix, visible in commit d82b2d47c86ae614a08d4073c669ca64442faff2, changes the Prisma where clause from a flat resultId lookup to a compound condition requiring both id: resultId and typebotId: typebotId to match simultaneously, bringing the handler in line with all sibling endpoints.

RemediationAI

Upgrade Typebot to v3.16.0 or later, which contains the validated fix per the GitHub release at https://github.com/baptisteArno/typebot.io/releases/tag/v3.16.0 and the patching commit at https://github.com/baptisteArno/typebot.io/commit/d82b2d47c86ae614a08d4073c669ca64442faff2. The security advisory is published at https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-c63p-mqx5-75r7. If an immediate upgrade is not feasible, network-layer mitigations are limited because the vulnerability resides in authenticated API logic; however, operators can restrict API access to trusted IP ranges or require VPN for builder access to limit the pool of authenticated users who could exploit the flaw. Disabling cross-workspace result log sharing or temporarily restricting the /api/typebots/{id}/results/{resultId}/logs endpoint via a reverse proxy rule are short-term options, though the latter may break legitimate logging workflows. Patch application is the only complete remediation.

CVE-2026-33712 CRITICAL
10.0 May 22

Server-Side Request Forgery in Typebot chatbot builder versions 3.15.2 and prior allows unauthenticated remote attackers

CVE-2026-48768 CRITICAL
9.3 Jun 17

Unauthenticated cross-tenant file upload in Typebot.io chatbot builder versions 3.16.1 and earlier allows anonymous visi

CVE-2026-28445 HIGH
8.7 May 22

Stored cross-site scripting in Typebot chatbot builder versions 3.15.2 and prior allows a malicious imported or collabor

CVE-2026-48764 HIGH
8.2 Jun 17

Server-side request forgery in Typebot chatbot builder before version 3.17.2 allows remote unauthenticated attackers to

CVE-2026-49213 HIGH
8.1 Jul 10

Server-side request forgery in Typebot before 3.17.2 lets an authenticated workspace editor or creator bypass the shared

CVE-2026-39965 HIGH
7.7 May 22

Server-side request forgery in Typebot versions 3.15.2 and prior allows authenticated users to bypass the validateHttpRe

CVE-2026-34207 HIGH
7.6 May 22

Server-side request forgery in Typebot chatbot builder versions prior to 3.16.0 allows authenticated users to bypass SSR

CVE-2026-48759 HIGH
7.1 Jun 17

Cross-workspace tampering in Typebot 3.15.2 and earlier allows any authenticated workspace member to modify or delete th

CVE-2026-39968 HIGH
7.1 May 22

Authorization bypass in Typebot chatbot builder versions 3.15.2 and prior allows any authenticated user to access creden

CVE-2026-39969 MEDIUM
6.5 May 22

Missing HMAC signature validation on Typebot's WhatsApp Cloud API webhook endpoint exposes versions 3.16.0 and prior to

CVE-2026-39966 MEDIUM
6.5 May 22

Typebot 3.15.2 exposes complete private bot definitions across all workspaces to any authenticated platform user via a b

CVE-2026-39964 MEDIUM
5.4 May 22

Stored XSS in Typebot's JavaScript viewer embed (packages/embeds/js) allows any authenticated bot author - including fre

Share

CVE-2026-28444 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy