CVE Catalog

CVE-2026-39965

High
Published: Translated: NVD NIST

Summary

TypeBot is a chatbot builder tool that in versions 3.15.2 and prior contains an SSRF via Open Redirect Bypass. This allows an authenticated user to point a bot block to an attacker-controlled server, leading to access to internal services.

Risk Assessment

The organization may be exposed to data leakage, including cloud IAM credentials, and the ability to probe internal APIs that are inaccessible from the internet.

Recommendation

It is recommended to update TypeBot to version 3.16.0 to mitigate this vulnerability and block access to internal services from external sources.

Original NVD description (English source)

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl() to block private IPs and cloud metadata hostnames. However, the HTTP clients (ky and fetch) follow 302 redirects without re-validating the redirect destination. An authenticated user can point a bot block to an attacker-controlled server that responds with a redirect to an internal IP, causing the Typebot server to reach internal services. An authenticated Typebot user can reach AWS metadata (169.254.169.254), private subnets, and container-internal services. Exploitable to extract cloud IAM credentials or probe internal APIs inaccessible from the internet. This issue has been fixed in version 3.16.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS