3 matches found
CVE-2026-48759
TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability through cross-workspace Theme Template modification and deletion. The handleSaveThemeTemplate and handleDeleteThemeTemplate handlers validate that the authenticated user is a...
CVE-2026-48759
CVE-2026-48759 (TypeBot) affects TypeBot versions 3.15.2 and earlier. The vulnerability arises in cross-workspace theme template handling: the API handlers handleSaveThemeTemplate and handleDeleteThemeTemplate validate the user is a non-guest member of the given workspaceId, but the subsequent Pr...
PT-2026-50564
Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.16.0 Steeltoe affected versions not specified Description TypeBot contains an Insecure Direct Object Reference IDOR issue—a flaw where an application provides direct access to objects based on user-supplied...