Skip to main content

Typebot EUVDEUVD-2026-43109

| CVE-2026-49213 HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-10 GitHub_M
8.1
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
vuln.today AI
8.1 HIGH

Network-reachable via chat endpoints (AV:N, AC:L), but requires an authenticated workspace editor/creator to configure the block (PR:L); SSRF exposes and manipulates internal services (C:H/I:H) without availability impact (A:N).

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 23:02 EUVD
Analysis Generated
Jul 10, 2026 - 22:15 vuln.today

DescriptionCVE.org

TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private ranges but does not block :: or its expanded form. A workspace editor or creator can configure a server-side HTTP Request block or guarded script fetch to make the Typebot server connect to local HTTP services through safeKy, including flows triggered by POST /v1/typebots/{publicId}/startChat or POST /v1/sessions/{sessionId}/continueChat. This issue is fixed in version 3.17.2.

AnalysisAI

Server-side request forgery in Typebot before 3.17.2 lets an authenticated workspace editor or creator bypass the shared SSRF validator using the IPv6 unspecified address :: (and its expanded form), which validateIPAddress in packages/lib/src/ssrf/validateHttpReqUrl.ts fails to block. By configuring a server-side HTTP Request block or guarded script fetch, an attacker coerces the Typebot server to reach local HTTP services via safeKy, including flows reachable through startChat and continueChat endpoints. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain workspace editor/creator access
Delivery
Configure HTTP Request block targeting http://[::]:port
Exploit
Trigger flow via startChat/continueChat
Execution
Server resolves :: to loopback, bypassing SSRF filter
Impact
Read/relay internal service responses

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated account holding a workspace editor or creator role (CVSS PR:L) able to configure a server-side HTTP Request block or a guarded script fetch that Typebot executes via safeKy. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, base 8.1) indicates a network-reachable, low-complexity attack requiring low privileges and no user interaction, with high confidentiality and integrity impact but no availability impact - consistent with an SSRF that reads and manipulates internal services but does not by itself crash the host. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A user with workspace editor or creator access in a shared or multi-tenant Typebot instance builds a bot flow containing an HTTP Request block (or guarded script fetch) whose target URL points at http://[::]:<port>/ of an internal service. When the flow is triggered via startChat or continueChat, the Typebot server resolves :: to localhost, bypasses the SSRF deny-list, and returns responses from internal-only HTTP services (such as cloud metadata or unauthenticated admin APIs) to the attacker. …
Remediation Vendor-released patch: upgrade Typebot to version 3.17.2, which extends validateIPAddress to block the IPv6 unspecified address :: and its expanded form (fix commit f56c3c3f771df13a8c11e88f500dfdd78981bed1, PR https://github.com/baptisteArno/typebot.io/pull/2511, release https://github.com/baptisteArno/typebot.io/releases/tag/v3.17.2, advisory https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-qx46-p88f-xxm3). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all Typebot instances and versions; restrict workspace editor and creator roles to trusted personnel only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-33712 CRITICAL
10.0 May 22

Server-Side Request Forgery in Typebot chatbot builder versions 3.15.2 and prior allows unauthenticated remote attackers

CVE-2026-48768 CRITICAL
9.3 Jun 17

Unauthenticated cross-tenant file upload in Typebot.io chatbot builder versions 3.16.1 and earlier allows anonymous visi

CVE-2026-28445 HIGH
8.7 May 22

Stored cross-site scripting in Typebot chatbot builder versions 3.15.2 and prior allows a malicious imported or collabor

CVE-2026-48764 HIGH
8.2 Jun 17

Server-side request forgery in Typebot chatbot builder before version 3.17.2 allows remote unauthenticated attackers to

CVE-2026-39965 HIGH
7.7 May 22

Server-side request forgery in Typebot versions 3.15.2 and prior allows authenticated users to bypass the validateHttpRe

CVE-2026-34207 HIGH
7.6 May 22

Server-side request forgery in Typebot chatbot builder versions prior to 3.16.0 allows authenticated users to bypass SSR

CVE-2026-48759 HIGH
7.1 Jun 17

Cross-workspace tampering in Typebot 3.15.2 and earlier allows any authenticated workspace member to modify or delete th

CVE-2026-39968 HIGH
7.1 May 22

Authorization bypass in Typebot chatbot builder versions 3.15.2 and prior allows any authenticated user to access creden

CVE-2026-39969 MEDIUM
6.5 May 22

Missing HMAC signature validation on Typebot's WhatsApp Cloud API webhook endpoint exposes versions 3.16.0 and prior to

CVE-2026-39966 MEDIUM
6.5 May 22

Typebot 3.15.2 exposes complete private bot definitions across all workspaces to any authenticated platform user via a b

CVE-2026-28444 MEDIUM
6.5 May 22

Insecure Direct Object Reference (IDOR) in Typebot's getResultLogs API endpoint allows any authenticated user to read ex

CVE-2026-39964 MEDIUM
5.4 May 22

Stored XSS in Typebot's JavaScript viewer embed (packages/embeds/js) allows any authenticated bot author - including fre

Share

EUVD-2026-43109 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy