CVE-2026-33712
CriticalSummary
Typebot is a chatbot builder tool that in versions 3.15.2 and prior has a vulnerability allowing unauthenticated users to perform a Server-Side Request Forgery (SSRF) attack by supplying a custom typebot definition with server-side code blocks. The fetch function in the isolated environment does not validate the URL, allowing SSRF mitigations to be bypassed.
Risk Assessment
Exploitation of this vulnerability can lead to cloud credential theft, internal network access, and data exfiltration for any self-hosted Typebot deployments and hosted services.
Recommendation
It is recommended to upgrade to version 3.16.0, where the issue has been fixed, to minimize the risk associated with this vulnerability.
Original NVD description (English source)
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Request Forgery (SSRF) by supplying a custom typebot definition with server-side code blocks. The fetch function exposed inside the isolated-vm sandbox calls Node.js native fetch without the SSRF validation (validateHttpReqUrl) that protects the HTTP Request block. This bypasses all SSRF mitigations added after GHSA-8gq9-rw7v-3jpr. Exploitation of this unauthenticated SSRF vulnerability can lead to cloud credential theft, internal network access and data exfiltration for any self-hosted Typebot deployments and hosted services. This issue has been fixed in version 3.16.0.

