CVE-2026-39968: CWE-284: Improper Access Control in baptisteArno typebot.io
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 ("Credential Theft via Client-Side Script Execution and API Authorization Bypass") is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the bot-engine runtime still allows any authenticated user to use credentials from any workspace via the preview chat endpoint. The bot-engine's getCredentials() utility function uses a falsy check (if (workspaceId && ...)) for workspace ownership validation. Since the preview endpoint accepts a client-controlled workspaceId field and the Zod schema allows empty strings, an attacker can supply workspaceId: "" to bypass credential ownership verification entirely. Exploitation can result in credential exfiltration, external service abuse, financial damage and a data breach.
AI Analysis
Technical Summary
TypeBot versions 3.15.2 and earlier have an incomplete fix for a prior credential theft vulnerability. Although the getCredentials tRPC endpoint was patched with workspace membership checks, the bot-engine runtime's preview chat endpoint still permits any authenticated user to retrieve credentials from any workspace. This is due to the getCredentials() utility function performing a falsy check on workspaceId, which can be bypassed by providing an empty string as workspaceId, accepted by the Zod schema. This flaw allows attackers to bypass credential ownership verification, leading to unauthorized credential access.
Potential Impact
Successful exploitation allows an authenticated user to bypass workspace membership checks and access credentials belonging to other workspaces. This can result in credential exfiltration, unauthorized use of external services, potential financial damage, and data breaches. The CVSS v3.1 base score is 7.1 (High), reflecting network attack vector, low attack complexity, required privileges, no user interaction, and high confidentiality impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch link is provided at this time. Until a patch is available, restrict access to authenticated users carefully and monitor for suspicious activity related to workspace credential access. Avoid using vulnerable versions prior to 3.16.0 once a patch is released.
CVE-2026-39968: CWE-284: Improper Access Control in baptisteArno typebot.io
Description
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 ("Credential Theft via Client-Side Script Execution and API Authorization Bypass") is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the bot-engine runtime still allows any authenticated user to use credentials from any workspace via the preview chat endpoint. The bot-engine's getCredentials() utility function uses a falsy check (if (workspaceId && ...)) for workspace ownership validation. Since the preview endpoint accepts a client-controlled workspaceId field and the Zod schema allows empty strings, an attacker can supply workspaceId: "" to bypass credential ownership verification entirely. Exploitation can result in credential exfiltration, external service abuse, financial damage and a data breach.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
TypeBot versions 3.15.2 and earlier have an incomplete fix for a prior credential theft vulnerability. Although the getCredentials tRPC endpoint was patched with workspace membership checks, the bot-engine runtime's preview chat endpoint still permits any authenticated user to retrieve credentials from any workspace. This is due to the getCredentials() utility function performing a falsy check on workspaceId, which can be bypassed by providing an empty string as workspaceId, accepted by the Zod schema. This flaw allows attackers to bypass credential ownership verification, leading to unauthorized credential access.
Potential Impact
Successful exploitation allows an authenticated user to bypass workspace membership checks and access credentials belonging to other workspaces. This can result in credential exfiltration, unauthorized use of external services, potential financial damage, and data breaches. The CVSS v3.1 base score is 7.1 (High), reflecting network attack vector, low attack complexity, required privileges, no user interaction, and high confidentiality impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch link is provided at this time. Until a patch is available, restrict access to authenticated users carefully and monitor for suspicious activity related to workspace credential access. Avoid using vulnerable versions prior to 3.16.0 once a patch is released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-08T00:01:47.627Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a10a423e1370fbb48342fdc
Added to database: 5/22/2026, 6:44:51 PM
Last enriched: 5/22/2026, 6:59:54 PM
Last updated: 5/23/2026, 7:41:06 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.