TypeBot (baptisteArno) versions 3.16.1 and earlier expose an unauthenticated POST endpoint (/api/blocks/file-input/v3/generate-upload-url) that accepts unsanitized fileName input to construct S3 object keys and generate presigned PUT URLs without binding the Content-Type header. Although directory traversal using '../' is blocked by S3/MinIO canonicalization, forward-slash path injection is exploitable, allowing attackers to upload malicious HTML, SVG, or JavaScript files to attacker-chosen subpaths, including other tenants' publicly served paths. This can lead to arbitrary content hosting and stored XSS on the storage origin. The vulnerability is tracked as CVE-2026-48768 with a CVSS 3.1 score of 9.3 (critical). The issue has been fixed in TypeBot version 3.17.0. As this is a cloud service, the vendor manages remediation server-side.

An unauthenticated attacker can upload malicious files to arbitrary subpaths within the storage used by TypeBot, potentially affecting multiple tenants. This enables arbitrary content hosting and stored cross-site scripting (XSS) attacks, which can lead to compromise of user sessions or execution of malicious scripts in users' browsers. The vulnerability does not impact availability but has high confidentiality and integrity impact.

The vulnerability has been fixed in TypeBot version 3.17.0. Since TypeBot is a cloud-hosted service, the vendor manages remediation server-side. Users should verify with the vendor that their service instance is updated to the fixed version. No additional action is required if the vendor confirms the fix is applied.