Description
TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability through cross-workspace Theme Template modification and deletion. The handleSaveThemeTemplate and handleDeleteThemeTemplate handlers validate that the authenticated user is a non-guest member of the provided workspaceId, but then operate on themeTemplateId via Prisma queries that do NOT include workspaceId in the WHERE clause. This allows any authenticated user to modify or delete theme templates belonging to any other workspace and may expose Template IDs via shared typebots or network traffic. This issue has been fixed in version 3.16.0.
Published: 2026-06-17
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An Insecure Direct Object Reference (IDOR) in TypeBot allows any authenticated non-guest user to modify or delete theme templates that belong to other workspaces. The save and delete handlers check that the user is a non-guest member of the workspaceId supplied in the request, but the Prisma query that then updates or deletes the record is keyed by themeTemplateId alone, with no workspaceId in its WHERE clause, so the membership check is never tied to the record actually touched. As a result a user can change or remove design data they should not have access to, and template identifiers can be exposed through shared typebots or network traffic.

Affected Systems

The issue affects the TypeBot chatbot builder tool provided by baptisteArno. Versions 3.15.2 and earlier are vulnerable; the fix is available in release v3.16.0. The affected handlers are handleSaveThemeTemplate and handleDeleteThemeTemplate, which operate on themeTemplateId without scoping the query to the workspace the user was validated against.

Risk and Exploitability

The vulnerability carries a high-severity CVSS score of 7.1. Its EPSS score is below 1%, indicating a low current probability of exploitation, and it is not listed in the CISA KEV catalog. Exploitation requires only a valid authenticated account and no special network access, so any non-guest user of the instance can reach the affected handlers. While the chance of immediate exploitation is low, the potential impact on the confidentiality and integrity of design assets across workspaces warrants prompt remediation.

Generated by OpenCVE AI on June 18, 2026 at 19:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade TypeBot to version 3.16.0 or later to eliminate the IDOR.
  • Restrict user roles to minimize the number of non-guest users who could abuse the vulnerability.
  • Continuously monitor vendor advisories for updates and apply patches as soon as they are available.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 19:45:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Baptistearno; Baptistearno typebot.io
Vendors & Products  |                | Baptistearno; Baptistearno typebot.io

Thu, 18 Jun 2026 16:45:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 04:45:00 +0000

Type        | Values Removed | Values Added
Description |                | TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability through cross-workspace Theme Template modification and deletion. The handleSaveThemeTemplate and handleDeleteThemeTemplate handlers validate that the authenticated user is a non-guest member of the provided workspaceId, but then operate on themeTemplateId via Prisma queries that do NOT include workspaceId in the WHERE clause. This allows any authenticated user to modify or delete theme templates belonging to any other workspace and may expose Template IDs via shared typebots or network traffic. This issue has been fixed in version 3.16.0.
Title       |                | TypeBot: Cross-Workspace Theme Template IDOR (Modification and Deletion)
Weaknesses  |                | CWE-639
References  |                |
Metrics     |                | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-18T12:47:31.567Z

Reserved: 2026-05-22T19:39:05.356Z

Link: CVE-2026-48759

Vulnrichment

Updated: 2026-06-18T12:47:27.239Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T19:30:15Z

Weaknesses
  • CWE-639: Authorization Bypass Through User-Controlled Key