CVE-2026-39968
HighSummary
TypeBot is a chatbot builder tool that in versions 3.15.2 and prior has an incomplete fix for the credential theft issue. Although the getCredentials tRPC endpoint was patched, the bot engine still allows authenticated users to use credentials from any workspace.
Risk Assessment
Exploitation of this vulnerability can lead to credential theft, external service abuse, financial loss, and data breaches.
Recommendation
It is recommended to update TypeBot to the latest version to patch this vulnerability and implement additional access controls on API endpoints.
Original NVD description (English source)
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 ("Credential Theft via Client-Side Script Execution and API Authorization Bypass") is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the bot-engine runtime still allows any authenticated user to use credentials from any workspace via the preview chat endpoint. The bot-engine's getCredentials() utility function uses a falsy check (if (workspaceId && ...)) for workspace ownership validation. Since the preview endpoint accepts a client-controlled workspaceId field and the Zod schema allows empty strings, an attacker can supply workspaceId: "" to bypass credential ownership verification entirely. Exploitation can result in credential exfiltration, external service abuse, financial damage and a data breach.

