Skip to main content

Typebot CVE-2026-48759

HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-06-17 GitHub_M
7.1
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
vuln.today AI
7.1 HIGH

Network-reachable API, trivial request crafting, requires any low-priv non-guest workspace member (PR:L), no UI, high integrity from arbitrary template overwrite, low availability from deletion, no confidentiality impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
Low

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 17, 2026 - 23:01 vuln.today
Analysis Generated
Jun 17, 2026 - 23:01 vuln.today

DescriptionCVE.org

TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability through cross-workspace Theme Template modification and deletion. The handleSaveThemeTemplate and handleDeleteThemeTemplate handlers validate that the authenticated user is a non-guest member of the provided workspaceId, but then operate on themeTemplateId via Prisma queries that do NOT include workspaceId in the WHERE clause. This allows any authenticated user to modify or delete theme templates belonging to any other workspace and may expose Template IDs via shared typebots or network traffic. This issue has been fixed in version 3.16.0.

AnalysisAI

Cross-workspace tampering in Typebot 3.15.2 and earlier allows any authenticated workspace member to modify or delete theme templates belonging to other workspaces by supplying a foreign themeTemplateId to the handleSaveThemeTemplate and handleDeleteThemeTemplate handlers. The handlers verify only that the caller is a non-guest member of the workspaceId argument but execute Prisma queries that omit workspaceId from the WHERE clause, producing an Insecure Direct Object Reference (CWE-639). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain non-guest workspace account on target Typebot instance
Delivery
Harvest victim themeTemplateId from shared typebot or network traffic
Exploit
Call handleSaveThemeTemplate/handleDeleteThemeTemplate with own workspaceId and victim templateId
Execution
Bypass workspace authorization via IDOR in Prisma query
Impact
Modify or delete victim workspace theme template

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to (1) hold an authenticated, non-guest membership in at least one Typebot workspace on the target instance (PR:L) and (2) know or guess a themeTemplateId belonging to a different workspace, which the advisory notes can be observed via shared typebots or network traffic. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L (7.1 High) accurately reflects a network-reachable, low-complexity flaw requiring only a low-privileged authenticated account (any non-guest workspace member), producing high integrity impact (arbitrary modification of other workspaces' theme templates), low availability impact (deletion of those templates), and no confidentiality impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers or already holds a low-privileged non-guest member account in any Typebot workspace, then harvests a victim workspace's themeTemplateId from a shared typebot page or by observing network traffic. They invoke handleSaveThemeTemplate with their own workspaceId (which passes the membership check) but the victim's themeTemplateId in the body, overwriting the victim's theme - or invoke handleDeleteThemeTemplate to destroy it. …
Remediation Vendor-released patch: Typebot 3.16.0 - upgrade self-hosted deployments to v3.16.0 or later (https://github.com/baptisteArno/typebot.io/releases/tag/v3.16.0) and consult GHSA-qv4p-4mp3-pvpv (https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-qv4p-4mp3-pvpv) for advisory details. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Typebot instances and document current versions deployed. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-33712 CRITICAL
10.0 May 22

Server-Side Request Forgery in Typebot chatbot builder versions 3.15.2 and prior allows unauthenticated remote attackers

CVE-2026-48768 CRITICAL
9.3 Jun 17

Unauthenticated cross-tenant file upload in Typebot.io chatbot builder versions 3.16.1 and earlier allows anonymous visi

CVE-2026-28445 HIGH
8.7 May 22

Stored cross-site scripting in Typebot chatbot builder versions 3.15.2 and prior allows a malicious imported or collabor

CVE-2026-48764 HIGH
8.2 Jun 17

Server-side request forgery in Typebot chatbot builder before version 3.17.2 allows remote unauthenticated attackers to

CVE-2026-49213 HIGH
8.1 Jul 10

Server-side request forgery in Typebot before 3.17.2 lets an authenticated workspace editor or creator bypass the shared

CVE-2026-39965 HIGH
7.7 May 22

Server-side request forgery in Typebot versions 3.15.2 and prior allows authenticated users to bypass the validateHttpRe

CVE-2026-34207 HIGH
7.6 May 22

Server-side request forgery in Typebot chatbot builder versions prior to 3.16.0 allows authenticated users to bypass SSR

CVE-2026-39968 HIGH
7.1 May 22

Authorization bypass in Typebot chatbot builder versions 3.15.2 and prior allows any authenticated user to access creden

CVE-2026-39969 MEDIUM
6.5 May 22

Missing HMAC signature validation on Typebot's WhatsApp Cloud API webhook endpoint exposes versions 3.16.0 and prior to

CVE-2026-39966 MEDIUM
6.5 May 22

Typebot 3.15.2 exposes complete private bot definitions across all workspaces to any authenticated platform user via a b

CVE-2026-28444 MEDIUM
6.5 May 22

Insecure Direct Object Reference (IDOR) in Typebot's getResultLogs API endpoint allows any authenticated user to read ex

CVE-2026-39964 MEDIUM
5.4 May 22

Stored XSS in Typebot's JavaScript viewer embed (packages/embeds/js) allows any authenticated bot author - including fre

Share

CVE-2026-48759 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy