Description
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's findResult query does not filter results by typebotId, allowing an authenticated user to load result data (user answers, variable values) from a different typebot by supplying a foreign resultId to the startChat endpoint. Exploitation is constrained by CUID2's cryptographically random 24-character IDs (making brute-force infeasible), the requirement that rememberUser be enabled, and the need for matching variable names in the current typebot. If successfully exploited, an attacker can access the original user's previous answers, session variable values, and hasStarted flag, potentially exposing PII like names, emails, and phone numbers. This issue has been fixed in version 3.16.0.
Published: 2026-05-22
Score: 3.1 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Typebot.io, a chatbot builder, contains a flaw in its bot engine: the findResult query that loads a saved result is not filtered by typebotId. An authenticated user can therefore pass a resultId belonging to a different typebot to the startChat endpoint and receive that result's answers, variable values and hasStarted flag. Because a result holds whatever the bot collected, this can expose personally identifying information such as names, emails and phone numbers from previous user sessions.

Affected Systems

The flaw affects Typebot.io 3.15.2 and earlier (vendor/product baptisteArno:typebot.io). The attacker reaches the affected code through the startChat API endpoint from an authenticated account, with rememberUser enabled on the typebot being started and a valid foreign resultId already in hand. Version 3.16.0 adds the missing typebotId filter to the findResult query.

Risk and Exploitability

The CVSS 3.1 score of 3.1 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N) reflects low severity: the attacker needs an authenticated account (PR:L), attack complexity is high (AC:H) because a valid foreign resultId must already be known, and only confidentiality is affected (C:L). Result IDs are 24-character cryptographically random CUID2 values, so guessing one is infeasible; the attacker additionally needs rememberUser enabled and variable names in their own typebot that match the victim's. No EPSS score is available and the CVE is not listed in CISA's KEV catalog, so no exploitation in the wild has been reported. Where those preconditions hold, an authenticated user can read another bot's PII and session state, which is a data confidentiality risk.

Generated by OpenCVE AI on May 22, 2026 at 20:21 UTC.

Remediation

Fixed in Typebot.io 3.16.0, which adds the typebotId filter to the findResult query (per the CVE description). No separate vendor workaround is listed.

OpenCVE Recommended Actions

  • Upgrade to Typebot.io v3.16.0 or later, which scopes the findResult query to the typebotId being started.
  • If you maintain a patched fork, require the loaded result's typebotId to match the typebot passed to startChat, and that typebot's ownership to match the authenticated caller, before returning any result data.
  • Until the upgrade is applied, disable rememberUser on typebots that collect sensitive answers; that feature is a precondition for loading a previous result through startChat.
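To make the flaw described in the Impact section and the fix in the first recommended action concrete, here is an added TypeScript example. It is not Typebot's code: it models the result lookup with an in-memory store instead of Typebot's database layer, and the type, function and bot names (Result, findResultVulnerable, findResultFixed, startChat, bot-support, bot-attacker) and the stored records are hypothetical, constructed for this illustration. The vulnerable lookup keys on resultId alone; the fixed lookup also requires the result's typebotId to match the typebot being started. The startChat model keeps the two preconditions from the description: rememberUser must be on, and only variable names that also exist in the current typebot are restored.

```typescript
// Added example (not Typebot's own code): models CVE-2026-39967 with an
// in-memory result store. All names and records here are hypothetical.

type Result = {
  id: string;                          // CUID2-style result id
  typebotId: string;                   // typebot that owns this result
  hasStarted: boolean;
  variables: Record<string, string>;   // variable name -> remembered value
  answers: string[];
};

// Constructed sample data: results from two unrelated typebots.
const RESULTS: Result[] = [
  {
    id: "ckq9v1d3e0000z5v6d1b2c3d4",
    typebotId: "bot-support",
    hasStarted: true,
    variables: { Name: "Alice", Email: "alice@example.com" },
    answers: ["Alice", "alice@example.com"],
  },
  {
    id: "ckq9v1d3e0001z5v6e5f6a7b8",
    typebotId: "bot-survey",
    hasStarted: true,
    variables: { Name: "Bob" },
    answers: ["Bob"],
  },
];

type ResultLookup = (typebotId: string, resultId: string) => Result | undefined;

// Vulnerable lookup (the flaw): the result is selected by resultId only,
// so a resultId from any typebot is accepted.
const findResultVulnerable: ResultLookup = (_typebotId, resultId) =>
  RESULTS.find((r) => r.id === resultId);

// Fixed lookup: the result must belong to the typebot being started.
const findResultFixed: ResultLookup = (typebotId, resultId) =>
  RESULTS.find((r) => r.id === resultId && r.typebotId === typebotId);

type StartChatRequest = { typebotId: string; resultId?: string; rememberUser: boolean };
type StartChatResponse = { hasStarted: boolean; variables: Record<string, string> };

// Hypothetical startChat: with rememberUser on and a resultId supplied, restore
// the remembered values for variable names that also exist in the current
// typebot (the "matching variable names" precondition from the description).
function startChat(
  req: StartChatRequest,
  currentBotVariableNames: string[],
  findResult: ResultLookup,
): StartChatResponse {
  const empty: StartChatResponse = { hasStarted: false, variables: {} };
  if (!req.rememberUser || !req.resultId) return empty;
  const previous = findResult(req.typebotId, req.resultId);
  if (!previous) return empty;
  const variables: Record<string, string> = {};
  for (const name of currentBotVariableNames) {
    if (name in previous.variables) variables[name] = previous.variables[name];
  }
  return { hasStarted: previous.hasStarted, variables };
}

// Attacker scenario: an authenticated user starts their own typebot
// ("bot-attacker"), whose variables are named to match the victim's, and
// passes a resultId that belongs to "bot-support".
function crossTypebotAttack() {
  const attackerBotVariables = ["Name", "Email"];
  const req: StartChatRequest = {
    typebotId: "bot-attacker",
    resultId: RESULTS[0].id,   // foreign resultId; must already be known, CUID2 is not guessable
    rememberUser: true,
  };
  return {
    beforeFix: startChat(req, attackerBotVariables, findResultVulnerable),
    afterFix: startChat(req, attackerBotVariables, findResultFixed),
  };
}

const outcome = crossTypebotAttack();
console.log("before fix:", outcome.beforeFix); // leaks Alice's Name and Email
console.log("after fix:", outcome.afterFix);   // nothing restored
```

Before the fix, the attacker's own typebot resumes Alice's session and receives her Name and Email; after the fix, the same request finds no result because the resultId is scoped to the typebot being started, while the owning typebot can still resume its own result.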



Advisories

No advisories yet.

History

Fri, 22 May 2026 19:15:00 +0000

Type          Values Removed   Values Added
Description   (none)           TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's findResult query does not filter results by typebotId, allowing an authenticated user to load result data (user answers, variable values) from a different typebot by supplying a foreign resultId to the startChat endpoint. Exploitation is constrained by CUID2's cryptographically random 24-character IDs (making brute-force infeasible), the requirement that rememberUser be enabled, and the need for matching variable names in the current typebot. If successfully exploited, an attacker can access the original user's previous answers, session variable values, and hasStarted flag, potentially exposing PII like names, emails, and phone numbers. This issue has been fixed in version 3.16.0.
Title         (none)           TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter
Weaknesses    (none)           CWE-639, CWE-862
References    (none)           (none listed)
Metrics       (none)           cvssV3_1 {'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}



MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-22T18:36:23.724Z

Reserved: 2026-04-08T00:01:47.627Z

Link: CVE-2026-39967

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T20:30:06Z

Weaknesses