Description
TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range, which allows a DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard. The validator resolves the hostname and approves it, but the later request path performs a fresh resolution and connects to whatever IP the hostname maps to at that moment. The actual outbound request is therefore performed later using the original hostname, without pinning the validated IP to the network connection. An attacker who can supply a URL to a public bot that executes a server-side HTTP Request block or a server-side script fetch can use DNS rebinding to pass the initial validation and still force the server to connect to a private or metadata address during the real request. This enables server-side access to private network services, cloud metadata endpoints, and other internal HTTP targets that the validator was intended to block. The exact downstream impact depends on the reachable internal services. Concrete consequences include metadata disclosure, access to internal admin panels, credential theft from metadata services, and further compromise through internal-only HTTP interfaces. This issue has been fixed in version 3.17.2.
Published: 2026-06-17
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In earlier versions of the TypeBot chatbot builder tool, the SSRF protection mechanism validates a hostname by checking a single DNS resolution before allowing an outbound request. Because the resolved IP is not pinned to the eventual network connection, there is a time-of-check to time-of-use gap. An attacker who supplies a URL to a public bot that triggers a server-side HTTP request or script fetch can use DNS rebinding to pass the initial validation while the actual request resolves to a different IP at the time of use. This flaw lets the server reach private network services, cloud metadata endpoints and other internal HTTP targets that the validator was designed to block.
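The Description and Impact paragraphs above both describe the same gap: the guard approves one DNS answer, then the request path resolves the hostname again. The following Node.js snippet is an added illustration modelled on that description, not TypeBot's own code; DNS is simulated by a resolver callback so it runs offline, and the hostnames and addresses are constructed.

```javascript
// Added illustration, not TypeBot's code: a one-shot SSRF check that re-resolves
// at request time (the shape described in the advisory) beside a pinned guard.

// Deny loopback, RFC 1918, link-local (incl. the 169.254.169.254 metadata
// address) and anything that is not a plain IPv4 literal (fail closed).
function isForbiddenIp(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return true;
  const [a, b, c, d] = m.slice(1).map(Number);
  if ([a, b, c, d].some((o) => o > 255)) return true;
  return a === 0 || a === 10 || a === 127 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 169 && b === 254);
}

// Stand-in for opening the socket: records which IP would really be reached
// and which Host header would be sent.
function connect(ip, hostHeader) {
  return { ip, host: hostHeader };
}

// VULNERABLE: validate one lookup, then let the request path resolve the
// hostname afresh and connect to whatever the second answer is (TOCTOU).
function fetchUnpinned(url, resolve) {
  const host = new URL(url).hostname;
  const checked = resolve(host);                 // time of check
  if (isForbiddenIp(checked)) throw new Error("blocked: " + checked);
  const actual = resolve(host);                  // time of use: fresh lookup
  return connect(actual, host);
}

// FIXED: resolve once, validate that answer, and connect to that exact IP,
// keeping the original hostname only for the Host header / TLS SNI.
function fetchPinned(url, resolve) {
  const host = new URL(url).hostname;
  const ip = resolve(host);
  if (isForbiddenIp(ip)) throw new Error("blocked: " + ip);
  return connect(ip, host);                      // no second resolution
}

// Constructed resolver that behaves like a rebinding record: the first answer
// is a public address, every later answer is the metadata address.
function makeRebindingResolver() {
  let calls = 0;
  return () => (calls++ === 0 ? "203.0.113.10" : "169.254.169.254");
}
```

A production guard must apply the same pinned check to every redirect hop, since a 3xx to a new hostname reopens the gap.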

Affected Systems

The vulnerability affects all installations of TypeBot (the baptisteArno/typebot.io project) running any version prior to 3.17.2. Users should verify that their deployed instance has been upgraded to 3.17.2 or later, the release in which the SSRF guard was corrected.

Risk and Exploitability

The CVSS score of 8.2 indicates high severity and the EPSS score of less than 1% reflects a low current exploitation probability. The flaw is not listed in the CISA KEV catalog. The likely attack vector is remote; an adversary can supply a malicious URL through a public bot interface, exploiting DNS rebinding to force the TypeBot server to send requests to internal addresses, potentially exposing metadata, internal admin panels, or credential information.

Generated by OpenCVE AI on June 18, 2026 at 19:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the TypeBot instance to version 3.17.2 or later to apply the SSRF guard fix.
  • If an upgrade cannot be performed immediately, limit the use of server-side HTTP request and script fetch blocks to trusted individuals or internal accounts, blocking public bot input that can trigger them.
  • Configure network segmentation or firewall rules to prevent the TypeBot server from reaching internal IP ranges that could be accessed via SSRF, thereby reducing the impact surface.


Advisories

No advisories yet.

History

Thu, 18 Jun 2026 19:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Baptistearno
                                      Baptistearno typebot.io
Vendors & Products                    Baptistearno
                                      Baptistearno typebot.io

Thu, 18 Jun 2026 16:45:00 +0000

Type                 Values Removed   Values Added
Metrics                               ssvc
                                      {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 04:45:00 +0000

Type                 Values Removed   Values Added
Description                           (full text as given in the Description section above)
Title                                 TypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypass
Weaknesses                            CWE-918
References
Metrics                               cvssV3_1
                                      {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-18T13:07:07.778Z

Reserved: 2026-05-22T19:39:05.356Z

Link: CVE-2026-48764

Vulnrichment

Updated: 2026-06-18T13:07:01.309Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T19:15:02Z

Weaknesses
  • CWE-918: Server-Side Request Forgery (SSRF)