CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Blast Radius
Ecosystem impact: 1 npm package depends on @typebot.io/js (1 direct, 0 indirect).
Ecosystem-wide dependent count for version 0.10.1.
Description (NVD)
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere in the codebase (e.g., StreamingBubble.tsx). Because rating blocks are not flagged as isUnsafe by the import sanitizer and the builder preview renders bots inline on the builder's own origin (builder.typebot.io) under a CSP permitting 'unsafe-inline', a malicious imported or collaborator-crafted typebot can execute arbitrary HTML/JS in the builder's authenticated context, bypassing the Web Worker sandbox that protects Script blocks during preview. This allows session hijacking and privilege escalation within the builder application. This issue has been fixed in version 3.16.0.
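The sink class described above (a Solid `innerHTML` directive bound to a user-controlled field without passing it through DOMPurify) can be caught at code-review or CI time. The check below is an added example, not part of the advisory or of Typebot's code; the two source snippets it scans are constructed to mirror the pattern described (file names borrowed from the advisory, contents not Typebot's actual source), and the detection rule assumes the project's convention is to wrap such values in `DOMPurify.sanitize(...)`.

```javascript
// Added example: flag Solid innerHTML={...} bindings whose value is not
// wrapped in DOMPurify.sanitize(...). Constructed samples, not Typebot source.

const SAMPLE_SOURCES = {
  // Constructed: vulnerable shape, raw user-controlled SVG bound to innerHTML.
  'RatingButton.tsx': `
    export const RatingButton = (props) => (
      <button innerHTML={props.customIcon.svg} class="rating" />
    )`,
  // Constructed: hardened shape, value passes through DOMPurify first.
  'StreamingBubble.tsx': `
    import DOMPurify from 'dompurify'
    export const StreamingBubble = (props) => (
      <div innerHTML={DOMPurify.sanitize(props.html)} />
    )`,
}

// innerHTML={ expr } with up to one level of nested braces inside expr.
const INNER_HTML_RE = /innerHTML\s*=\s*\{([^{}]*(?:\{[^{}]*\}[^{}]*)*)\}/g

// Returns every innerHTML binding in `source` whose expression does not
// start with DOMPurify.sanitize(, together with its 1-based line number.
function findUnsanitizedInnerHtml(source) {
  const findings = []
  for (const m of source.matchAll(INNER_HTML_RE)) {
    const expr = m[1].trim()
    if (!/^DOMPurify\.sanitize\s*\(/.test(expr)) {
      const line = source.slice(0, m.index).split('\n').length
      findings.push({ line, expr })
    }
  }
  return findings
}

// Maps file name -> findings, omitting files with no unsanitized sinks.
function auditSources(sources) {
  const report = {}
  for (const [file, src] of Object.entries(sources)) {
    const findings = findUnsanitizedInnerHtml(src)
    if (findings.length > 0) report[file] = findings
  }
  return report
}

console.log(auditSources(SAMPLE_SOURCES))
```

Run over a real checkout, the same function would be pointed at every `.tsx` file in the embed package; a DOMPurify wrapper alone is the minimum, and an SVG-only profile is the stricter choice for an icon field.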
Analysis (AI)
Stored cross-site scripting in Typebot chatbot builder versions 3.15.2 and prior allows a malicious imported or collaborator-crafted bot to execute arbitrary HTML/JavaScript in the authenticated builder context via the RatingButton component's customIcon.svg field. Because the builder preview renders bots inline on builder.typebot.io under a CSP permitting 'unsafe-inline', successful exploitation enables session hijacking and privilege escalation within the SaaS builder, with no public exploit identified at time of analysis.
Remediation (AI)
Within 24 hours: identify all Typebot users and document collaborative chatbot workflows within your organization. Within 7 days: contact Typebot support to request a patch timeline and interim security measures; if none are available, restrict bot imports to internally created sources and disable external collaboration pending a fix. …
EUVD-2026-31466
GHSA-6m7c-xfhp-p9fh