CVE-2026-48768

CRITICAL 9.3

TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName

CVSS Score

9.3

EPSS Score

0.0%

EPSS Percentile

0th

TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object keys, while issuing presigned PUT URLs that do not bind Content-Type. As a result, any anonymous visitor to a published bot with a file input can upload attacker-controlled HTML, SVG, or JS to attacker-chosen subpaths, including other tenants’ publicly served result paths, enabling arbitrary content hosting and potential stored XSS on the storage origin. ../ traversal is blocked by S3/MinIO canonicalization (signature mismatch), but forward-slash path injection is exploitable. This issue has been fixed in version 3.17.0.

CWE	CWE-22 CWE-79
Vendor	baptistearno
Product	typebot.io
Published	Jun 17, 2026

Stay Ahead of the Next One

Get instant alerts for baptistearno typebot.io

Be the first to know when new critical vulnerabilities affecting baptistearno typebot.io are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

None

Affected Versions

baptisteArno / typebot.io

< 3.17.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-fp7x-6pqh-vhvf github.com: https://github.com/baptisteArno/typebot.io/releases/tag/v3.17.0