18 matches found
CVE-2026-39969
TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...
CVE-2026-39969
TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...
CVE-2026-39969 TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification
TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...
CVE-2026-39969 TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification
TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...
EUVD-2026-31485
TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...
CVE-2026-39969
CVE-2026-39969 (TypeBot) affects TypeBot prior to 3.17.0. The WhatsApp Cloud API webhook endpoint POST /v1/workspaces/{workspaceId}/whatsapp/{credentialsId}/webhook did not verify the x-hub-signature-256 HMAC in deliveries. The endpoint also exposes workspaceId and credentialsId in the URL path, ...
PT-2026-42825
Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.17.0 Description The WhatsApp Cloud API webhook endpoint 'POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook' fails to verify the x-hub-signature-256 HMAC signature provided by Meta. Because the...
CVE-2026-33143
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...
CVE-2026-33143
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...
CVE-2026-33143
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...
CVE-2026-33143 OneUptime: WhatsApp Webhook Missing Signature Verification
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...
CVE-2026-33143 OneUptime: WhatsApp Webhook Missing Signature Verification
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...
CVE-2026-33143
CVE-2026-33143 (OneUptime) affects OneUptime prior to version 10.0.34. The WhatsApp POST webhook handler at /notification/whatsapp/webhook processes events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC, enabling unauthenticated attackers to forge webhook payloads. Impact includes m...
CVE-2026-33143 OneUptime: WhatsApp Webhook Missing Signature Verification
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...
OneUptime 数据伪造问题漏洞
OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.34 contained a data manipulation vulnerability. This vulnerability stemmed from the WhatsApp POST webhook processor not verifying the...
GHSA-G5PH-F57V-MWJC OneUptime WhatsApp Webhook Missing Signature Verification
Summary The WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any unauthenticated attacker to send forged webhook payloads that manipulate notification delivery stat...
OneUptime WhatsApp Webhook Missing Signature Verification
Summary The WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any unauthenticated attacker to send forged webhook payloads that manipulate notification delivery stat...
PT-2026-26199
Summary The WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any unauthenticated attacker to send forged webhook payloads that manipulate notification delivery stat...