CVE-2026-48759 | TypeBot is a chatbot builder tool. Versions 3.15.2 and below… | CVSS 7.1 HIGH

Description

TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability through cross-workspace Theme Template modification and deletion. The handleSaveThemeTemplate and handleDeleteThemeTemplate handlers validate that the authenticated user is a non-guest member of the provided workspaceId, but then operate on themeTemplateId via Prisma queries that do NOT include workspaceId in the WHERE clause. This allows any authenticated user to modify or delete theme templates belonging to any other workspace and may expose Template IDs via shared typebots or network traffic. This issue has been fixed in version 3.16.0.

Metadata

CVE ID: CVE-2026-48759
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-05-22 19:39 UTC
Published: 2026-06-17 21:56 UTC
Last updated: 2026-06-17 21:56 UTC
Primary CWE: CWE-639
CWE-639: Authorization Bypass Through User-Controlled Key
Vendor / Product: baptisteArno / typebot.io
Sources: cve.org · NVD

Severity & Metrics

7.1 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Affected products (1)

Vendor	Product	Platform	Versions
baptisteArno	typebot.io	—	< 3.16.0

Weakness (CWE)

CWE	Source	Description
CWE-639	cna	CWE-639: Authorization Bypass Through User-Controlled Key

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.1	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

References (2)

https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-qv4p-4mp3-pvpv https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-qv4p-4mp3-pvpv
https://github.com/baptisteArno/typebot.io/releases/tag/v3.16.0 https://github.com/baptisteArno/typebot.io/releases/tag/v3.16.0