Description
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl() to block private IPs and cloud metadata hostnames. However, the HTTP clients (ky and fetch) follow 302 redirects without re-validating the redirect destination. An authenticated user can point a bot block to an attacker-controlled server that responds with a redirect to an internal IP, causing the Typebot server to reach internal services. An authenticated Typebot user can reach AWS metadata (169.254.169.254), private subnets, and container-internal services. Exploitable to extract cloud IAM credentials or probe internal APIs inaccessible from the internet. This issue has been fixed in version 3.16.0.
Published: 2026-05-22
Score: 7.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

TypeBot allows an authenticated user to add HTTP Request and Code blocks that send data to user-supplied URLs. The platform validates the initial request URL to block private IP ranges and cloud metadata hostnames, but it does not re-validate the destination after the HTTP client follows a 302 redirect. An attacker can therefore point a block at a server they control, have it redirect to an internal address such as 169.254.169.254, and make the TypeBot server fetch cloud metadata, private subnets, or container-internal services on their behalf. The vulnerability is a classic instance of CWE-918 (Server-Side Request Forgery) and can be used to exfiltrate IAM credentials or probe protected APIs that are otherwise unreachable from the Internet.
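The defect above is that only the first URL passes through the validator while the HTTP client silently follows 3xx responses. The following Node.js example, added here and not taken from TypeBot's code, shows the shape of a fix: disable automatic redirects and run the same destination check on every Location header before it is requested. All function names and the blocked-hostname list are hypothetical, the address ranges are illustrative rather than exhaustive, and resolving DNS names to check their addresses (which a complete guard also needs) is left out.

```javascript
// Added example (not TypeBot's code): validate every hop of a redirect chain,
// not only the initial URL. All names here (isBlockedDestination, nextHopFrom,
// fetchFollowingValidatedRedirects) are hypothetical.

// Hostnames that resolve to instance metadata or the local host (constructed list).
const BLOCKED_HOSTNAMES = new Set(["localhost", "metadata", "metadata.google.internal"]);

// Returns the four octets of a dotted-quad IPv4 string, or null if it is not one.
function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// "This host", RFC 1918, loopback, CGNAT and link-local (covers 169.254.169.254).
function isPrivateIPv4([a, b]) {
  return (
    a === 0 ||
    a === 10 ||
    a === 127 ||
    (a === 100 && b >= 64 && b <= 127) ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168)
  );
}

// Loopback, unspecified, link-local, unique-local and IPv4-mapped IPv6 addresses.
// The URL parser serialises ::ffff:10.0.0.1 as ::ffff:a00:1, so both forms are handled.
function isPrivateIPv6(host) {
  const h = host.toLowerCase();
  if (h === "::1" || h === "::") return true;
  if (h.startsWith("fe80:") || h.startsWith("fc") || h.startsWith("fd")) return true;
  const dotted = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(h);
  if (dotted) {
    const octets = parseIPv4(dotted[1]);
    return octets === null || isPrivateIPv4(octets);
  }
  const hex = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(h);
  if (hex) {
    const hi = parseInt(hex[1], 16);
    const lo = parseInt(hex[2], 16);
    return isPrivateIPv4([hi >> 8, hi & 0xff, lo >> 8, lo & 0xff]);
  }
  return false;
}

// True if the server must not request this URL: non-http(s) scheme, a blocked
// hostname, or a literal IP inside a private/special range. The WHATWG URL parser
// normalises numeric forms such as http://2130706433/ to 127.0.0.1 before we look.
function isBlockedDestination(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return true;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return true;
  let host = url.hostname.toLowerCase();
  if (host.startsWith("[") && host.endsWith("]")) host = host.slice(1, -1);
  if (BLOCKED_HOSTNAMES.has(host)) return true;
  const v4 = parseIPv4(host);
  if (v4) return isPrivateIPv4(v4);
  if (host.includes(":")) return isPrivateIPv6(host);
  return false; // DNS name: resolve-and-check (and DNS rebinding) is outside this example
}

// Given a response status and Location header, return the absolute URL of the next
// hop, null if the response is not a redirect, or throw if the hop is blocked.
function nextHopFrom(currentUrl, status, location) {
  if (status < 300 || status > 399 || !location) return null;
  const target = new URL(location, currentUrl).toString(); // Location may be relative
  if (isBlockedDestination(target)) {
    throw new Error(`redirect to blocked destination: ${target}`);
  }
  return target;
}

// Follow redirects one hop at a time so each destination is checked before it is
// requested. redirect: "manual" makes Node's fetch hand back the 3xx response
// instead of following it. fetchImpl is injectable so the logic can be tested offline.
async function fetchFollowingValidatedRedirects(
  urlString,
  { fetchImpl = globalThis.fetch, maxRedirects = 5 } = {},
) {
  if (isBlockedDestination(urlString)) throw new Error(`blocked destination: ${urlString}`);
  let current = urlString;
  for (let hop = 0; hop < maxRedirects; hop++) {
    const res = await fetchImpl(current, { redirect: "manual" });
    const next = nextHopFrom(current, res.status, res.headers.get("location"));
    if (next === null) return res;
    current = next;
  }
  throw new Error(`more than ${maxRedirects} redirects from ${urlString}`);
}
```

`fetchFollowingValidatedRedirects(url)` is a drop-in replacement for a plain `fetch(url)` call in server-side code; the hop limit also closes the redirect-loop denial-of-service that manual following would otherwise allow. The check relies on Node's fetch returning the real 3xx response under `redirect: "manual"`; browser fetch returns an opaque response instead, so the same code cannot be reused client-side.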

Affected Systems

The source publisher, baptisteArno/typebot.io, offers the TypeBot chatbot builder. All versions up to and including 3.15.2 are affected; the issue is fixed in release 3.16.0.

Risk and Exploitability

The CVSS score of 7.7 rates the flaw as high severity. No EPSS score is available, and the absence of a CISA KEV listing indicates no known in-the-wild exploitation at the time of writing; even so, an authenticated user who can edit a bot can turn its outbound HTTP requests into a path to internal services. Because exploitation requires an authenticated role, the risk is confined to users with editing rights on a bot. Once exploited, the impact includes credential theft and enumeration of the internal network.

Generated by OpenCVE AI on May 22, 2026 at 19:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade TypeBot to version 3.16.0 or later, which fixes the missing re-validation of redirect destinations.
  • During the upgrade process, review all existing HTTP Request and Code blocks in your bots and remove or replace any that point to external URLs controlled by untrusted parties.
  • If an upgrade cannot be performed immediately, lock outbound HTTP traffic from the TypeBot server using network firewall rules or internal proxy settings so that redirects cannot reach private IP ranges.
  • Log and monitor outbound HTTP requests from the TypeBot server for anomalies, and investigate any unexpected internal service calls.


Advisories

No advisories yet.

History

Fri, 22 May 2026 19:30:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 May 2026 18:00:00 +0000

Type: Description
Values Added: TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl() to block private IPs and cloud metadata hostnames. However, the HTTP clients (ky and fetch) follow 302 redirects without re-validating the redirect destination. An authenticated user can point a bot block to an attacker-controlled server that responds with a redirect to an internal IP, causing the Typebot server to reach internal services. An authenticated Typebot user can reach AWS metadata (169.254.169.254), private subnets, and container-internal services. Exploitable to extract cloud IAM credentials or probe internal APIs inaccessible from the internet. This issue has been fixed in version 3.16.0.

Type: Title
Values Added: TypeBot: SSRF via Open Redirect Bypass in HTTP Request and Code Blocks

Type: Weaknesses
Values Added: CWE-918

Type: References

Type: Metrics (cvssV3_1)
Values Added: {'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-22T18:25:48.123Z

Reserved: 2026-04-08T00:01:47.627Z

Link: CVE-2026-39965

Vulnrichment

Updated: 2026-05-22T18:25:26.438Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T19:30:44Z

Weaknesses