Open Redirect Bypass Affecting TypeBot Chatbot Builder Tool
CVE-2026-39965

7.7HIGH

Key Information:

Vendor: Baptistearno
Status: Typebot.io
Vendor: CVE Published:; 22 May 2026

🔔 Create Baptistearno Vulnerability Alert

What is CVE-2026-39965?

TypeBot, a popular chatbot builder, has a vulnerability that allows authenticated users to exploit an SSRF flaw via an Open Redirect Bypass. This issue arises because while the platform attempts to validate the initial request URL to block access to private IPs and cloud metadata, the HTTP clients employed do not re-validate URLs during 302 redirects. Consequently, a malicious user can redirect bot requests to an attacker-controlled server that subsequently redirects to an internal IP address. This exploitation may lead to unauthorized access to AWS metadata, private subnets, or other internal services not normally accessible from external networks. The vulnerability has been resolved in version 3.16.0.

Affected Version(s)

typebot.io < 3.16.0

References

https://github.com/baptisteArno/typebot.io/security/advis...

x_refsource_CONFIRM

https://github.com/baptisteArno/typebot.io/releases/tag/v...

x_refsource_MISC

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2026
Vulnerability Reserved
Apr 8, 2026

CVE-2026-39965 Data

JSON