4 matches found
CVE-2026-39966
TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block, regardless of workspace ownership, leading to IDOR. The authorization check uses Array.filter wi...
CVE-2026-39966 TypeBot: Async filter() bypasses authorization, allowing IDOR in getLinkedTypebots and leaking cross-workspace bot definitions
TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block, regardless of workspace ownership, leading to IDOR. The authorization check uses Array.filter wi...
EUVD-2026-31482
TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block, regardless of workspace ownership, leading to IDOR. The authorization check uses Array.filter wi...
Typebot 安全漏洞
Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the preview chat endpoint, which allowed unverified users to forge server-side requests by providing custom bot...