Skip to main content

Typebot CVE-2026-39969

MEDIUM
Improper Authentication (CWE-287)
2026-05-22 GitHub_M
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 22, 2026 - 19:31 vuln.today
Analysis Generated
May 22, 2026 - 19:31 vuln.today

DescriptionGitHub Advisory

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint (POST /v1/workspaces/{workspaceId}/whatsapp/{credentialsId}/webhook) does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both workspaceId and credentialsId as path parameters, which are logged in web server access logs, visible in Meta's webhook configuration dashboard, and potentially shared when configuring integrations. This allows any unauthenticated attacker to send spoofed webhook messages to trigger bot flows, consume API resources, and interact with external services using the workspace owner's credentials. The issue has been fixed in version 3.17.0.

AnalysisAI

Missing HMAC signature validation on Typebot's WhatsApp Cloud API webhook endpoint exposes versions 3.16.0 and prior to unauthenticated webhook spoofing by any network-accessible attacker. The endpoint POST /v1/workspaces/{workspaceId}/whatsapp/{credentialsId}/webhook ignores the x-hub-signature-256 header that Meta includes with every legitimate delivery, and because both path parameters are semi-public by design - appearing in web server access logs and Meta's webhook configuration dashboard - the attack surface is readily discoverable. Successful exploitation allows an attacker to trigger arbitrary bot automation flows, consume API resources, and abuse external service integrations using the workspace owner's stored credentials. No public exploit identified at time of analysis; vendor-released patch available in version 3.17.0.

Technical ContextAI

The vulnerability resides in the WhatsApp Cloud API webhook integration of typebot.io (CPE: cpe:2.3:a:baptistearno:typebot.io:*:*:*:*:*:*:*:*). Meta's webhook delivery protocol requires receivers to verify an x-hub-signature-256 HMAC-SHA256 header computed against the raw request body using a shared app secret; this is the sole mechanism that distinguishes legitimate Meta-originated events from arbitrary attacker-crafted payloads. The affected endpoint omits this check entirely, mapping directly to CWE-287 (Improper Authentication). Compounding the risk, the endpoint embeds both workspaceId and credentialsId as URL path parameters, which are logged in web server access logs, visible in Meta's developer webhook configuration dashboard, and likely present in any shared integration setup documentation - making the URL practically discoverable without any reconnaissance beyond normal integration workflows.

RemediationAI

Upgrade to Typebot version 3.17.0, which includes a confirmed fix for WhatsApp webhook signature verification via commit e296c87 (PR #2498 'Fix WhatsApp webhook verification'). The release is available at https://github.com/baptisteArno/typebot.io/releases/tag/v3.17.0 and the security advisory is at https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-8vqp-r5w7-v47f. For deployments that cannot immediately upgrade, a targeted compensating control is to restrict access to the /v1/workspaces/*/whatsapp/*/webhook path at the reverse-proxy or WAF layer to only Meta's published webhook delivery IP ranges; note this requires maintaining an up-to-date allowlist and will break delivery if Meta's ranges change. Alternatively, disabling the WhatsApp Cloud API integration entirely eliminates the attack surface at the cost of WhatsApp functionality. After patching, rotating WhatsApp Cloud API credentials is advisable if any unauthorized webhook activity is suspected.

CVE-2026-33712 CRITICAL
10.0 May 22

Server-Side Request Forgery in Typebot chatbot builder versions 3.15.2 and prior allows unauthenticated remote attackers

CVE-2026-48768 CRITICAL
9.3 Jun 17

Unauthenticated cross-tenant file upload in Typebot.io chatbot builder versions 3.16.1 and earlier allows anonymous visi

CVE-2026-28445 HIGH
8.7 May 22

Stored cross-site scripting in Typebot chatbot builder versions 3.15.2 and prior allows a malicious imported or collabor

CVE-2026-48764 HIGH
8.2 Jun 17

Server-side request forgery in Typebot chatbot builder before version 3.17.2 allows remote unauthenticated attackers to

CVE-2026-49213 HIGH
8.1 Jul 10

Server-side request forgery in Typebot before 3.17.2 lets an authenticated workspace editor or creator bypass the shared

CVE-2026-39965 HIGH
7.7 May 22

Server-side request forgery in Typebot versions 3.15.2 and prior allows authenticated users to bypass the validateHttpRe

CVE-2026-34207 HIGH
7.6 May 22

Server-side request forgery in Typebot chatbot builder versions prior to 3.16.0 allows authenticated users to bypass SSR

CVE-2026-48759 HIGH
7.1 Jun 17

Cross-workspace tampering in Typebot 3.15.2 and earlier allows any authenticated workspace member to modify or delete th

CVE-2026-39968 HIGH
7.1 May 22

Authorization bypass in Typebot chatbot builder versions 3.15.2 and prior allows any authenticated user to access creden

CVE-2026-39966 MEDIUM
6.5 May 22

Typebot 3.15.2 exposes complete private bot definitions across all workspaces to any authenticated platform user via a b

CVE-2026-28444 MEDIUM
6.5 May 22

Insecure Direct Object Reference (IDOR) in Typebot's getResultLogs API endpoint allows any authenticated user to read ex

CVE-2026-39964 MEDIUM
5.4 May 22

Stored XSS in Typebot's JavaScript viewer embed (packages/embeds/js) allows any authenticated bot author - including fre

Share

CVE-2026-39969 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy