CVE-2026-39970 is a stored cross-site scripting vulnerability (CWE-79) in the TypeBot chatbot builder tool (baptisteArno project), affecting versions prior to 3.16.0. The vulnerability arises because the profile picture upload form on app.typebot.io fails to sanitize or restrict SVG/XML file uploads, allowing attackers to upload crafted SVG files containing embedded JavaScript. These malicious SVG files are persistently stored and rendered directly when accessed, enabling arbitrary JavaScript execution in users' browsers. This can lead to session/token theft, account takeover, and exfiltration of sensitive user data. The vulnerability has a CVSS 4.0 base score of 8.5 (high severity) and was publicly disclosed on 2026-05-22. The issue is resolved in TypeBot version 3.16.0.

Successful exploitation allows attackers to execute arbitrary JavaScript in the context of the victim's browser session on app.typebot.io. This can lead to theft of session tokens, account takeover, and unauthorized access to sensitive user information. Because the malicious payload is stored persistently and accessible via public links, the attack surface includes any user accessing the malicious profile picture. No known exploits in the wild have been reported at the time of disclosure.

Upgrade TypeBot to version 3.16.0 or later, where this vulnerability has been fixed. The fix involves proper sanitization and restriction of SVG/XML uploads in the profile picture upload form. Until the upgrade is applied, avoid uploading SVG files as profile pictures and restrict user uploads if possible. Patch status is confirmed fixed in version 3.16.0.