Typebot CVE-2026-48759
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Network-reachable API, trivial request crafting, requires any low-priv non-guest workspace member (PR:L), no UI, high integrity from arbitrary template overwrite, low availability from deletion, no confidentiality impact.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Lifecycle Timeline
2DescriptionCVE.org
TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability through cross-workspace Theme Template modification and deletion. The handleSaveThemeTemplate and handleDeleteThemeTemplate handlers validate that the authenticated user is a non-guest member of the provided workspaceId, but then operate on themeTemplateId via Prisma queries that do NOT include workspaceId in the WHERE clause. This allows any authenticated user to modify or delete theme templates belonging to any other workspace and may expose Template IDs via shared typebots or network traffic. This issue has been fixed in version 3.16.0.
AnalysisAI
Cross-workspace tampering in Typebot 3.15.2 and earlier allows any authenticated workspace member to modify or delete theme templates belonging to other workspaces by supplying a foreign themeTemplateId to the handleSaveThemeTemplate and handleDeleteThemeTemplate handlers. The handlers verify only that the caller is a non-guest member of the workspaceId argument but execute Prisma queries that omit workspaceId from the WHERE clause, producing an Insecure Direct Object Reference (CWE-639). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to (1) hold an authenticated, non-guest membership in at least one Typebot workspace on the target instance (PR:L) and (2) know or guess a themeTemplateId belonging to a different workspace, which the advisory notes can be observed via shared typebots or network traffic. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L (7.1 High) accurately reflects a network-reachable, low-complexity flaw requiring only a low-privileged authenticated account (any non-guest workspace member), producing high integrity impact (arbitrary modification of other workspaces' theme templates), low availability impact (deletion of those templates), and no confidentiality impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers or already holds a low-privileged non-guest member account in any Typebot workspace, then harvests a victim workspace's themeTemplateId from a shared typebot page or by observing network traffic. They invoke handleSaveThemeTemplate with their own workspaceId (which passes the membership check) but the victim's themeTemplateId in the body, overwriting the victim's theme - or invoke handleDeleteThemeTemplate to destroy it. … |
| Remediation | Vendor-released patch: Typebot 3.16.0 - upgrade self-hosted deployments to v3.16.0 or later (https://github.com/baptisteArno/typebot.io/releases/tag/v3.16.0) and consult GHSA-qv4p-4mp3-pvpv (https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-qv4p-4mp3-pvpv) for advisory details. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Typebot instances and document current versions deployed. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Typebot Io
View allServer-Side Request Forgery in Typebot chatbot builder versions 3.15.2 and prior allows unauthenticated remote attackers
Unauthenticated cross-tenant file upload in Typebot.io chatbot builder versions 3.16.1 and earlier allows anonymous visi
Stored cross-site scripting in Typebot chatbot builder versions 3.15.2 and prior allows a malicious imported or collabor
Server-side request forgery in Typebot chatbot builder before version 3.17.2 allows remote unauthenticated attackers to
Server-side request forgery in Typebot before 3.17.2 lets an authenticated workspace editor or creator bypass the shared
Server-side request forgery in Typebot versions 3.15.2 and prior allows authenticated users to bypass the validateHttpRe
Server-side request forgery in Typebot chatbot builder versions prior to 3.16.0 allows authenticated users to bypass SSR
Authorization bypass in Typebot chatbot builder versions 3.15.2 and prior allows any authenticated user to access creden
Missing HMAC signature validation on Typebot's WhatsApp Cloud API webhook endpoint exposes versions 3.16.0 and prior to
Typebot 3.15.2 exposes complete private bot definitions across all workspaces to any authenticated platform user via a b
Insecure Direct Object Reference (IDOR) in Typebot's getResultLogs API endpoint allows any authenticated user to read ex
Stored XSS in Typebot's JavaScript viewer embed (packages/embeds/js) allows any authenticated bot author - including fre
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today