CVE-2026-48768 | TypeBot is a chatbot builder tool. In versions 3.16.1 and ea… | CVSS 9.3 CRITICAL

Description

TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object keys, while issuing presigned PUT URLs that do not bind Content-Type. As a result, any anonymous visitor to a published bot with a file input can upload attacker-controlled HTML, SVG, or JS to attacker-chosen subpaths, including other tenants’ publicly served result paths, enabling arbitrary content hosting and potential stored XSS on the storage origin. ../ traversal is blocked by S3/MinIO canonicalization (signature mismatch), but forward-slash path injection is exploitable. This issue has been fixed in version 3.17.0.

Metadata

CVE ID: CVE-2026-48768
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-05-22 19:39 UTC
Published: 2026-06-17 23:13 UTC
Last updated: 2026-06-17 23:13 UTC
Primary CWE: CWE-22
CWE-22: Improper Limitation of a Pathname to a Restricted Di…
Vendor / Product: baptisteArno / typebot.io
Sources: cve.org · NVD

Severity & Metrics

9.3 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N

Affected products (1)

Vendor	Product	Platform	Versions
baptisteArno	typebot.io	—	< 3.17.0

Weakness (CWE)

CWE	Source	Description
CWE-22	cna	CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-79	cna	CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.3	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N

References (2)

https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-fp7x-6pqh-vhvf https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-fp7x-6pqh-vhvf
https://github.com/baptisteArno/typebot.io/releases/tag/v3.17.0 https://github.com/baptisteArno/typebot.io/releases/tag/v3.17.0