CVE-2026-33712: CWE-862: Missing Authorization in baptisteArno typebot.io
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Request Forgery (SSRF) by supplying a custom typebot definition with server-side code blocks. The fetch function exposed inside the isolated-vm sandbox calls Node.js native fetch without the SSRF validation (validateHttpReqUrl) that protects the HTTP Request block. This bypasses all SSRF mitigations added after GHSA-8gq9-rw7v-3jpr. Exploitation of this unauthenticated SSRF vulnerability can lead to cloud credential theft, internal network access and data exfiltration for any self-hosted Typebot deployments and hosted services. This issue has been fixed in version 3.16.0.
AI Analysis
Technical Summary
CVE-2026-33712 is a critical SSRF vulnerability in baptisteArno's Typebot (<= 3.15.2) affecting the POST /api/v1/typebots/{typebotId}/preview/startChat endpoint. The issue arises because the fetch function inside the isolated-vm sandbox calls Node.js native fetch without applying the SSRF validation (validateHttpReqUrl) that protects the HTTP Request block. This missing authorization and validation allows unauthenticated users to perform SSRF attacks, bypassing mitigations introduced after GHSA-8gq9-rw7v-3jpr. The vulnerability enables attackers to access internal resources, steal cloud credentials, and exfiltrate data. It is resolved in version 3.16.0.
Potential Impact
An unauthenticated attacker can exploit this SSRF vulnerability to bypass existing SSRF protections, potentially leading to cloud credential theft, unauthorized access to internal networks, and data exfiltration. This impacts both self-hosted and hosted Typebot deployments prior to version 3.16.0. The CVSS v3.1 score is 10.0 (critical), reflecting the high impact on confidentiality and integrity without requiring privileges or user interaction.
Mitigation Recommendations
Upgrade Typebot to version 3.16.0 or later, where this SSRF vulnerability has been fixed. Since this is not a cloud service, remediation depends on patching the affected software. Patch status is confirmed by the vendor advisory indicating the fix in 3.16.0. No additional mitigations are specified.
CVE-2026-33712: CWE-862: Missing Authorization in baptisteArno typebot.io
Description
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Request Forgery (SSRF) by supplying a custom typebot definition with server-side code blocks. The fetch function exposed inside the isolated-vm sandbox calls Node.js native fetch without the SSRF validation (validateHttpReqUrl) that protects the HTTP Request block. This bypasses all SSRF mitigations added after GHSA-8gq9-rw7v-3jpr. Exploitation of this unauthenticated SSRF vulnerability can lead to cloud credential theft, internal network access and data exfiltration for any self-hosted Typebot deployments and hosted services. This issue has been fixed in version 3.16.0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-33712 is a critical SSRF vulnerability in baptisteArno's Typebot (<= 3.15.2) affecting the POST /api/v1/typebots/{typebotId}/preview/startChat endpoint. The issue arises because the fetch function inside the isolated-vm sandbox calls Node.js native fetch without applying the SSRF validation (validateHttpReqUrl) that protects the HTTP Request block. This missing authorization and validation allows unauthenticated users to perform SSRF attacks, bypassing mitigations introduced after GHSA-8gq9-rw7v-3jpr. The vulnerability enables attackers to access internal resources, steal cloud credentials, and exfiltrate data. It is resolved in version 3.16.0.
Potential Impact
An unauthenticated attacker can exploit this SSRF vulnerability to bypass existing SSRF protections, potentially leading to cloud credential theft, unauthorized access to internal networks, and data exfiltration. This impacts both self-hosted and hosted Typebot deployments prior to version 3.16.0. The CVSS v3.1 score is 10.0 (critical), reflecting the high impact on confidentiality and integrity without requiring privileges or user interaction.
Mitigation Recommendations
Upgrade Typebot to version 3.16.0 or later, where this SSRF vulnerability has been fixed. Since this is not a cloud service, remediation depends on patching the affected software. Patch status is confirmed by the vendor advisory indicating the fix in 3.16.0. No additional mitigations are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-23T17:06:05.747Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a108f08e1370fbb482626fa
Added to database: 5/22/2026, 5:14:48 PM
Last enriched: 5/22/2026, 5:29:55 PM
Last updated: 5/23/2026, 8:13:27 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.