What is the CVSS score of CVE-2026-33712?

CVE-2026-33712 has a CVSS 3.1 base score of 10.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.1%.

Which versions of Typebot are affected by CVE-2026-33712?

Typebot chatbot builder (versions 3.15.2 and prior) contains a critical server-side request forgery vulnerability in the preview chat endpoint that allows unauthenticated attackers to trigger…

Typebot CVE-2026-33712

CRITICAL

Missing Authorization (CWE-862)

2026-05-22 GitHub_M

Authentication Bypass SSRF Node.js Typebot Io

10.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Source Code Evidence Fetched

May 22, 2026 - 17:45 vuln.today

Analysis Generated

May 22, 2026 - 17:45 vuln.today

DescriptionNVD

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Request Forgery (SSRF) by supplying a custom typebot definition with server-side code blocks. The fetch function exposed inside the isolated-vm sandbox calls Node.js native fetch without the SSRF validation (validateHttpReqUrl) that protects the HTTP Request block. This bypasses all SSRF mitigations added after GHSA-8gq9-rw7v-3jpr. Exploitation of this unauthenticated SSRF vulnerability can lead to cloud credential theft, internal network access and data exfiltration for any self-hosted Typebot deployments and hosted services. This issue has been fixed in version 3.16.0.

AnalysisAI

Server-Side Request Forgery in Typebot chatbot builder versions 3.15.2 and prior allows unauthenticated remote attackers to abuse the preview chat endpoint to make arbitrary internal HTTP requests from the server. The flaw stems from the isolated-vm sandbox's fetch function calling Node.js native fetch without the SSRF validation (validateHttpReqUrl) that protects HTTP Request blocks, bypassing mitigations added after GHSA-8gq9-rw7v-3jpr. …

RemediationAI

Within 24 hours: Inventory all Typebot deployments and assess whether the preview chat endpoint is exposed to untrusted users; if not business-critical, disable it immediately. Within 7 days: Implement network segmentation to restrict Typebot server outbound connectivity to only required destinations; deploy WAF or reverse proxy rules to block suspicious internal IP requests from the preview endpoint. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-33712 vulnerability details – vuln.today

Back

Typebot CVE-2026-33712

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code