PT-2026-42821 · Typebot · Typebot
Enestayboga
·
Published
2026-05-22
·
Updated
2026-05-23
·
CVE-2026-39968
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
TypeBot versions prior to 3.15.3
Description
An incomplete fix in the bot-engine runtime allows authenticated users to use credentials from any workspace via the preview chat endpoint. The
getCredentials() utility function employs a falsy check for workspace ownership validation. Because the preview endpoint accepts a client-controlled workspaceId field and the Zod schema allows empty strings, providing workspaceId: "" bypasses credential ownership verification. This can lead to credential exfiltration, external service abuse, financial damage, and data breaches.Recommendations
Update to a version later than 3.15.2.
Exploit
Fix
Improper Access Control
IDOR
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Typebot