Description
TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer (packages/embeds/js) renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser context when clicked. Since the viewer is typically embedded in a third-party site, the attacker's JavaScript runs in the host page's origin and can exfiltrate cookies and session tokens. This can result in any authenticated Typebot user (including those on the free tier) being able to create a bot with this payload. Shared bots are publicly accessible — no victim authentication is required. This issue has been resolved in version 3.16.0.
Published: 2026-05-22
Score: 5.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a bot author to embed a link whose URL uses the javascript: URI scheme in a rich text bubble. When a visitor clicks that link in the viewer, the browser executes the supplied JavaScript in the origin of the host page that embeds the viewer, where it can read and exfiltrate that page's cookies (HttpOnly cookies excepted) or session tokens and issue requests as the visitor. This is a stored cross‑site scripting flaw (CWE-79); because the payload runs in the embedding site's origin rather than Typebot's, the CVSS vector records a scope change (S:C), and confidentiality and integrity are at risk for any visitor who clicks the injected link.

Affected Systems

The flaw exists in Typebot.io (baptisteArno) versions earlier than 3.16.0. Any user of the platform who can create or edit bots—including free tier accounts—can embed the malicious link, and all visitors to a shared or public bot are potential victims.

Risk and Exploitability

The CVSS 3.1 score of 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) indicates moderate severity: the attacker needs a Typebot account (PR:L) and the victim must click the link (UI:R), but the payload crosses into the host site's origin (S:C). No EPSS score is available yet, so there is no estimated probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog; the SSVC entry in the History section records a public proof of concept, "Automatable: no", and partial technical impact. Attackers must be able to build or modify a bot, and a victim must click the injected link on a page that embeds the Typebot viewer. Once triggered, the attacker's script runs as if it originated from the host site, so the exposure is carried by every site that embeds an affected viewer, not only by Typebot itself.

Generated by OpenCVE AI on May 22, 2026 at 19:22 UTC.

Remediation

The vendor states that the issue is resolved in Typebot 3.16.0; upgrade to that version or later. No other vendor‑supplied workaround is recorded.

OpenCVE Recommended Actions

  • Upgrade Typebot to version 3.16.0 or later. For self‑hosted deployments this means upgrading the deployment itself; for sites that bundle or pin the embed library (packages/embeds/js), it means updating that dependency, since the vulnerable link rendering lives in the viewer
  • Confirm that every page embedding a Typebot viewer loads the patched version, because the injected script executes in the embedding page's origin, not Typebot's. A strict Content Security Policy on the host page (script-src without 'unsafe-inline') blocks javascript: navigations and is useful defence in depth, but it is not a substitute for the upgrade
  • If an immediate upgrade is not possible, filter author‑supplied link URLs before rendering: allowlist the schemes a bubble legitimately needs (http, https, mailto, tel) rather than denylisting javascript:, and make the decision on the parsed URL, since browsers ignore leading whitespace, embedded tabs and newlines, and scheme case, so values such as "JavaScript:" or " javascript:" slip past a plain prefix check
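As an added illustration (not Typebot's code, and not its actual fix), the following shows the vulnerable rendering pattern described under Impact beside a hardened link renderer implementing the allowlist check recommended above. The function names (renderLinkVulnerable, safeHref, renderLinkSafe), the placeholder base URL and the sample inputs are assumptions made for this example; in a browser the base would be document.baseURI.

```javascript
// Added example, not Typebot's code: a rich-text link renderer showing the
// vulnerable pattern beside a hardened one. Names here are hypothetical.

// Minimal HTML escaping for text nodes and attribute values.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the author-supplied URL goes straight into href.
// Escaping alone does not help; "javascript:alert(document.cookie)" is a
// perfectly valid attribute value and becomes a clickable script gadget
// in the host page's origin.
function renderLinkVulnerable(text, href) {
  return `<a href="${escapeHtml(href)}">${escapeHtml(text)}</a>`;
}

// Schemes a chat-bubble link legitimately needs (assumed allowlist).
// Everything else (javascript:, data:, vbscript:, blob:, ...) is rejected.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:", "tel:"]);

// Return a normalized href that is safe to place in an anchor, or null.
// Deciding on the parsed URL rather than a string prefix matters: the
// WHATWG parser (like the browser's navigation code) strips leading and
// trailing whitespace, removes embedded tabs and newlines, and lowercases
// the scheme, so "JAVASCRIPT:", " \tjavascript:" and "java\nscript:" all
// normalize to the javascript: protocol and are caught here, whereas a
// naive href.startsWith("javascript:") would let them through.
function safeHref(href, base = "https://example.invalid/") {
  if (typeof href !== "string") return null;
  let url;
  try {
    // The base lets relative links such as "/docs" resolve; in a browser
    // pass document.baseURI. The placeholder host is an assumption.
    url = new URL(href, base);
  } catch {
    return null; // unparseable input is not rendered as a link
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  return url.href;
}

// Hardened pattern: refuse to emit an anchor at all when the URL is unsafe,
// and render the label as plain text so the bubble still shows what the
// author wrote.
function renderLinkSafe(text, href) {
  const safe = safeHref(href);
  if (safe === null) return escapeHtml(text);
  return `<a href="${escapeHtml(safe)}" rel="noopener noreferrer" target="_blank">${escapeHtml(text)}</a>`;
}

// Constructed sample inputs: the attacker payload from the advisory plus
// the obfuscated variants a prefix check would miss.
const SAMPLE_HREFS = [
  "https://typebot.io/docs",
  "javascript:alert(document.cookie)",
  "JAVASCRIPT:alert(1)",
  " \tjavascript:alert(1)",
  "java\nscript:alert(1)",
  "data:text/html,<script>alert(1)</script>",
];

for (const href of SAMPLE_HREFS) {
  console.log(JSON.stringify(href), "->", safeHref(href) === null ? "BLOCKED" : "allowed");
}
```

The allowlist is deliberately short; a denylist that only strips the literal string "javascript:" leaves data: and vbscript: URLs, and every casing and whitespace variant of javascript:, in play.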

Generated by OpenCVE AI on May 22, 2026 at 19:22 UTC.


Advisories

No advisories yet.

History

Sat, 23 May 2026 03:15:00 +0000

Type: Metrics (ssvc)
Values removed: none
Values added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 May 2026 18:00:00 +0000

Type: Description
Values added: TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer (packages/embeds/js) renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser context when clicked. Since the viewer is typically embedded in a third-party site, the attacker's JavaScript runs in the host page's origin and can exfiltrate cookies and session tokens. This can result in any authenticated Typebot user (including those on the free tier) being able to create a bot with this payload. Shared bots are publicly accessible — no victim authentication is required. This issue has been resolved in version 3.16.0.

Type: Title
Values added: TypeBot: Stored XSS via javascript: URI in text bubble links — bot author executes JS on visitors' browsers

Type: Weaknesses
Values added: CWE-79

Type: References
Values added: (none shown)

Type: Metrics (cvssV3_1)
Values added: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}



MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-23T02:34:09.886Z

Reserved: 2026-04-08T00:01:47.627Z

Link: CVE-2026-39964

Vulnrichment

Updated: 2026-05-23T02:33:26.920Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T19:30:44Z

Weaknesses