CVE-2026-39965: CWE-918: Server-Side Request Forgery (SSRF) in baptisteArno typebot.io
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl() to block private IPs and cloud metadata hostnames. However, the HTTP clients (ky and fetch) follow 302 redirects without re-validating the redirect destination. An authenticated user can point a bot block to an attacker-controlled server that responds with a redirect to an internal IP, causing the Typebot server to reach internal services. An authenticated Typebot user can reach AWS metadata (169.254.169.254), private subnets, and container-internal services. Exploitable to extract cloud IAM credentials or probe internal APIs inaccessible from the internet. This issue has been fixed in version 3.16.0.
AI Analysis
Technical Summary
Typebot.io versions prior to 3.16.0 contain an SSRF vulnerability due to insufficient validation of HTTP redirect destinations in bot blocks. While initial URLs are validated to block private IPs and cloud metadata addresses, HTTP clients (ky and fetch) follow 302 redirects without re-validation, allowing an authenticated user to redirect requests to internal network resources. This enables access to AWS metadata service (169.254.169.254), private subnets, and container-internal services, potentially exposing cloud IAM credentials and internal APIs. The vulnerability is fixed in version 3.16.0. The product is a cloud service, and the vendor manages remediation server-side.
Potential Impact
An authenticated attacker can exploit this SSRF vulnerability to cause the Typebot server to access internal network resources, including AWS metadata endpoints and private subnets. This can lead to exposure of sensitive cloud IAM credentials and unauthorized probing of internal APIs that are not accessible from the internet. There is no indication of known exploits in the wild at this time.
Mitigation Recommendations
A fix is available in typebot.io version 3.16.0. Since typebot.io is a cloud-hosted service, the vendor manages remediation server-side. Users should ensure they are using version 3.16.0 or later to mitigate this vulnerability. Patch status is confirmed by the vendor advisory.
CVE-2026-39965: CWE-918: Server-Side Request Forgery (SSRF) in baptisteArno typebot.io
Description
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl() to block private IPs and cloud metadata hostnames. However, the HTTP clients (ky and fetch) follow 302 redirects without re-validating the redirect destination. An authenticated user can point a bot block to an attacker-controlled server that responds with a redirect to an internal IP, causing the Typebot server to reach internal services. An authenticated Typebot user can reach AWS metadata (169.254.169.254), private subnets, and container-internal services. Exploitable to extract cloud IAM credentials or probe internal APIs inaccessible from the internet. This issue has been fixed in version 3.16.0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Typebot.io versions prior to 3.16.0 contain an SSRF vulnerability due to insufficient validation of HTTP redirect destinations in bot blocks. While initial URLs are validated to block private IPs and cloud metadata addresses, HTTP clients (ky and fetch) follow 302 redirects without re-validation, allowing an authenticated user to redirect requests to internal network resources. This enables access to AWS metadata service (169.254.169.254), private subnets, and container-internal services, potentially exposing cloud IAM credentials and internal APIs. The vulnerability is fixed in version 3.16.0. The product is a cloud service, and the vendor manages remediation server-side.
Potential Impact
An authenticated attacker can exploit this SSRF vulnerability to cause the Typebot server to access internal network resources, including AWS metadata endpoints and private subnets. This can lead to exposure of sensitive cloud IAM credentials and unauthorized probing of internal APIs that are not accessible from the internet. There is no indication of known exploits in the wild at this time.
Mitigation Recommendations
A fix is available in typebot.io version 3.16.0. Since typebot.io is a cloud-hosted service, the vendor manages remediation server-side. Users should ensure they are using version 3.16.0 or later to mitigate this vulnerability. Patch status is confirmed by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-08T00:01:47.627Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 6a109994e1370fbb482dd15b
Added to database: 5/22/2026, 5:59:48 PM
Last enriched: 5/22/2026, 6:14:52 PM
Last updated: 5/23/2026, 3:16:40 PM
Views: 13
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.