PT-2026-42818 · Typebot · Typebot

Published

2026-05-22

·

Updated

2026-05-22

·

CVE-2026-39965

CVSS v3.1

7.7

High

VectorAV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.16.0
Description An authenticated user can perform a Server-Side Request Forgery (SSRF) by bypassing open redirect protections. The HTTP Request block and Code block use the validateHttpReqUrl() function to block private IPs and cloud metadata hostnames during the initial request. However, the HTTP clients ky and fetch follow 302 redirects without re-validating the destination. This allows an attacker to redirect the server to internal IPs, such as AWS metadata (169.254.169.254), private subnets, and container-internal services, potentially leading to the extraction of cloud IAM credentials or the probing of internal APIs.
Recommendations Update to version 3.16.0.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-39965
GHSA-JXV3-M939-W95C

Affected Products

Typebot