CVE-2026-39966: CWE-863: Incorrect Authorization in baptisteArno typebot.io
TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block, regardless of workspace ownership, leading to an IDOR. The authorization check uses Array.filter() with an async callback; since filter() is synchronous, the callback always returns a truthy Promise, so the access control predicate is never actually evaluated. Any authenticated Typebot user can read the full definition of any other workspace's private bots, including all conversation blocks and logic flow, variable values embedded in the bot (credentials, API keys, PII), webhook URLs, and integration configurations. This issue has been fixed in version 3.16.0.
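The predicate mistake described above, as an added example that is not TypeBot's code: a minimal getLinkedTypebots-style lookup with the async filter beside the corrected version. The bot, workspace and membership records are constructed, and isWorkspaceMember is a hypothetical stand-in for the real database check.

```javascript
// Added example (not TypeBot's code): why Array.filter() with an async
// callback authorizes everything, and the pattern that actually enforces it.

// Constructed sample data: two workspaces, one bot each; alice is only in ws-1.
const bots = [
  { id: "bot-a", workspaceId: "ws-1", name: "Support flow" },
  { id: "bot-b", workspaceId: "ws-2", name: "Sales flow" },
];
const memberships = [{ userId: "alice", workspaceId: "ws-1" }];

// Hypothetical stand-in for an async database lookup of workspace membership.
async function isWorkspaceMember(userId, workspaceId) {
  await Promise.resolve(); // simulate I/O
  return memberships.some(
    (m) => m.userId === userId && m.workspaceId === workspaceId
  );
}

// VULNERABLE pattern (CWE-863): filter() is synchronous, so the async callback
// hands it a pending Promise. A Promise object is truthy, so every bot passes
// regardless of what the membership check will eventually resolve to.
function getLinkedBotsVulnerable(userId, requestedIds) {
  return bots
    .filter((b) => requestedIds.includes(b.id))
    .filter(async (b) => isWorkspaceMember(userId, b.workspaceId));
}

// FIXED pattern: resolve every predicate first, then filter on real booleans.
async function getLinkedBotsFixed(userId, requestedIds) {
  const candidates = bots.filter((b) => requestedIds.includes(b.id));
  const allowed = await Promise.all(
    candidates.map((b) => isWorkspaceMember(userId, b.workspaceId))
  );
  return candidates.filter((_, i) => allowed[i]);
}
```

A quick regression check for this class of bug is to grep the code base for `.filter(async` and `.find(async`, since neither Array method awaits its callback.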
AI Analysis
Technical Summary
TypeBot versions before 3.16.0 contain an incorrect authorization vulnerability (CWE-863) in the getLinkedTypebots API endpoint. The endpoint returns full bot definitions to any authenticated user referencing a target bot ID, regardless of workspace ownership. The root cause is an async callback passed to Array.filter(): filter() is synchronous and treats the Promise object the callback returns as truthy, so every element passes and the access control predicate never takes effect. This allows unauthorized access to private bot data including conversation blocks, logic flow, sensitive variables, and integration details. The vulnerability is addressed in version 3.16.0.
Potential Impact
Any authenticated user of TypeBot prior to version 3.16.0 can access private bot definitions belonging to other workspaces. This exposure includes sensitive information such as credentials, API keys, personally identifiable information, webhook URLs, and integration configurations. The confidentiality of private workspace data is compromised, but there is no indication of impact to integrity or availability. No known exploits in the wild have been reported.
Mitigation Recommendations
Upgrade TypeBot to version 3.16.0 or later, where this authorization issue has been fixed. Since this is a self-hosted product, users must apply the update themselves. Patch status is confirmed by the vendor advisory stating the fix is included in version 3.16.0. Until upgraded, restrict authenticated user access where possible to limit exposure.
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-04-08T00:01:47.627Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a10a423e1370fbb48342fd6
Added to database: 5/22/2026, 6:44:51 PM
Last enriched: 5/22/2026, 6:59:59 PM
Last updated: 5/23/2026, 5:10:18 PM