CVE-2026-33712 · CRITICAL 10.0 · EPSS percentile 26.6%


Description

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Request Forgery (SSRF) by supplying a custom typebot definition with server-side code blocks. The fetch function exposed inside the isolated-vm sandbox calls Node.js native fetch without the SSRF validation (validateHttpReqUrl) that protects the HTTP Request block. This bypasses all SSRF mitigations added after GHSA-8gq9-rw7v-3jpr. Exploitation of this unauthenticated SSRF vulnerability can lead to cloud credential theft, internal network access and data exfiltration for any self-hosted Typebot deployments and hosted services. This issue has been fixed in version 3.16.0.

Scoring

CVSS 3.1: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS: 0.35% probability of exploitation · percentile 26.6% · 2026-06-19T12:03:05Z
Published: 2026-05-22
Last modified: 2026-05-22

Underlying weaknesses (2)

CWE-862, CWE-918

References

  1. https://github.com/baptisteArno/typebot.io/releases/tag/v3.16.0
  2. https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-vc2q-r6rq-ggj9

Weakness mappings (2)

Type      Target                              CWE      Confidence  Tier
Weakness  Missing Authorization               cwe-862  0%          live
Weakness  Server-Side Request Forgery (SSRF)  cwe-918  0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-64709
CVE: CVE-2026-28445
CVE: CVE-2026-22742
CVE: CVE-2025-62616
CVE: CVE-2025-21384
CVE: CVE-2025-22603

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.