Impact
The vulnerability resides in TypeBot's bot-engine preview chat endpoint. The builder's getCredentials tRPC endpoint had already been patched to check workspace membership, but the runtime path still lets any authenticated user retrieve credentials belonging to any workspace. The cause is a flawed truthiness check: the endpoint takes a client-controlled workspaceId field, the input schema allows an empty string, and an empty string is falsy in JavaScript, so a request carrying workspaceId: "" skips the ownership check entirely. A malicious user can therefore exfiltrate stored credentials, abuse the external services those credentials authenticate to, and potentially cause financial loss and a data breach.
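The following is an added example written for this page, not TypeBot's own code: a minimal model of the falsy-guard pattern described above, with the vulnerable handler beside a hardened one. The data model, the function names (getCredentialsVulnerable, getCredentialsFixed, isMember, attempt), the error classes and the sample records are all assumptions made for illustration.

```typescript
// Added illustrative example (not TypeBot source). All names and data are assumed.

type Session = { userId: string };
type Credentials = { id: string; workspaceId: string; secret: string };
type Membership = { userId: string; workspaceId: string };
type Input = { credentialsId: string; workspaceId: string };

// Constructed sample data: two workspaces; "alice" is a member of ws-a only.
const CREDENTIALS: Credentials[] = [
  { id: "cred-1", workspaceId: "ws-a", secret: "api-key-A" },
  { id: "cred-2", workspaceId: "ws-b", secret: "api-key-B" },
];
const MEMBERS: Membership[] = [{ userId: "alice", workspaceId: "ws-a" }];

class ForbiddenError extends Error {}
class BadRequestError extends Error {}

function isMember(userId: string, workspaceId: string): boolean {
  return MEMBERS.some((m) => m.userId === userId && m.workspaceId === workspaceId);
}

// Vulnerable pattern: the ownership check only runs when the client-supplied
// workspaceId is truthy. "" is falsy in JavaScript, so sending workspaceId: ""
// skips the whole block and any authenticated user can read any credentials.
function getCredentialsVulnerable(session: Session, input: Input): string {
  const creds = CREDENTIALS.find((c) => c.id === input.credentialsId);
  if (!creds) throw new ForbiddenError("unknown credentials");
  if (input.workspaceId) {
    if (creds.workspaceId !== input.workspaceId || !isMember(session.userId, input.workspaceId)) {
      throw new ForbiddenError("not a member of that workspace");
    }
  }
  return creds.secret;
}

// Hardened: reject an empty identifier at the boundary (the schema-level
// equivalent is a non-empty string constraint), then authorize unconditionally
// against the workspace the credentials record actually belongs to.
function getCredentialsFixed(session: Session, input: Input): string {
  if (input.workspaceId.length === 0) throw new BadRequestError("workspaceId is required");
  const creds = CREDENTIALS.find((c) => c.id === input.credentialsId);
  if (!creds || creds.workspaceId !== input.workspaceId) {
    throw new ForbiddenError("credentials not in that workspace");
  }
  if (!isMember(session.userId, creds.workspaceId)) {
    throw new ForbiddenError("not a member of that workspace");
  }
  return creds.secret;
}

// Runs a handler and reduces the outcome to a short label for comparison.
function attempt(fn: () => string): string {
  try {
    return "ok:" + fn();
  } catch (e) {
    if (e instanceof BadRequestError) return "bad-request";
    if (e instanceof ForbiddenError) return "forbidden";
    return "error";
  }
}

const alice: Session = { userId: "alice" };
const crossWorkspace: Input = { credentialsId: "cred-2", workspaceId: "" };

console.log("vulnerable, empty workspaceId:", attempt(() => getCredentialsVulnerable(alice, crossWorkspace)));
console.log("fixed, empty workspaceId:     ", attempt(() => getCredentialsFixed(alice, crossWorkspace)));
console.log("fixed, own workspace:         ", attempt(() => getCredentialsFixed(alice, { credentialsId: "cred-1", workspaceId: "ws-a" })));
```

The key design point in the hardened version is that the authorization decision is keyed on the workspace recorded with the credentials, not on whatever workspaceId the caller chose to send; the non-empty check closes the falsy bypass, and the record comparison ensures a valid-looking identifier cannot be pointed at someone else's secrets.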
Affected Systems
Any installation of typebot.io TypeBot running version 3.15.2 or earlier is susceptible. The fix shipped in release v3.16.0; upgrade to that release or later.
Risk and Exploitability
The CVSS score of 7.1 classifies the flaw as high severity. Exploitation requires a valid authenticated session, and the attack is carried out remotely through the preview endpoint, so any account holder can perform it. EPSS information is currently unavailable, and absence from the CISA KEV catalog does not diminish the risk: the logic flaw is trivial to exploit once the attack vector is understood, since it amounts to sending an empty string in one request field. Even absent a public exploit, the combination of credential exfiltration and downstream abuse of the services those credentials unlock presents a serious threat to affected organizations.
OpenCVE Enrichment