CVE-2026-39970— TypeBot: Stored Cross-Site Scripting (XSS) via SVG File Upload On Profile Picture Form
Possible ATT&CK Techniques 3AI
T1005 · Data from Local System T1059.007 · JavaScript T1189 · Drive-by CompromiseAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| baptisteArno | typebot.io | < 3.16.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-39970
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TypeBot: Stored Cross-Site Scripting (XSS) via SVG File Upload On Profile Picture Form
Source: NVD (National Vulnerability Database)
Vulnerability Description
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading a crafted malicious SVG file containing embedded JavaScript, an attacker will execute arbitrary JavaScript code. This vulnerability directly enables stored XSS exploitation because the payload is persistently stored on your infrastructure (app.typebot.io) and accessible from a public-facing, permanent link. Stored XSS via malicious SVG uploads to app.typebot.io allows attackers to execute arbitrary JavaScript in victims' browsers, enabling session/token theft, account takeover, and exfiltration of sensitive user data. This issue has been fixed in version 3.16.0.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Typebot 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Typebot是Baptiste Arnaud个人开发者的一个开源聊天机器人构建器。 TypeBot 3.15.2及之前版本存在安全漏洞,该漏洞源于配置文件上传表单未清理或限制SVG/XML上传,可能导致存储型跨站脚本攻击。以下版本受到影响:3.15.2及之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| baptisteArno | typebot.io | < 3.16.0 | - |
II. Public POCs for CVE-2026-39970
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-39970
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-39970 (1)
Vendor Pages for CVE-2026-39970 (1)
Same Patch Batch · baptisteArno · 2026-05-22 · 11 CVEs total
| CVE-2026-33712 | 10.0 CRITICAL | TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF |
| CVE-2026-28445 | 8.7 HIGH | Typebot: Stored XSS via Rating Block Custom Icon Bypasses isUnsafe Sandbox in Builder Prev |
| CVE-2026-39965 | 7.7 HIGH | TypeBot: SSRF via Open Redirect Bypass in HTTP Request and Code Blocks |
| CVE-2026-34207 | 7.6 HIGH | TypeBot: SSRF Protection Bypass via DNS-Resolved Hostnames in Webhook / HTTP Request Valid |
| CVE-2026-39968 | 7.1 HIGH | TypeBot: Cross-Workspace Credential Theft via Bot-Engine Preview Endpoint |
| CVE-2026-28444 | 6.5 MEDIUM | Typebot: IDOR in Result Logs Endpoint Allows Cross-Workspace Data Disclosure |
| CVE-2026-39966 | 6.5 MEDIUM | TypeBot: Async filter() bypasses authorization, allowing IDOR in getLinkedTypebots and lea |
| CVE-2026-39969 | 6.5 MEDIUM | TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification |
| CVE-2026-39964 | 5.4 MEDIUM | TypeBot: Stored XSS via javascript: URI in text bubble links — bot author executes JS on v |
| CVE-2026-39967 | 3.1 LOW | TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter |
IV. Related Vulnerabilities
Same product: typebot.io
- CVE-2026-39969
TypeBot: WhatsApp Webhook Endpoint Missing Signature Verific - CVE-2026-39967
TypeBot: Cross-Typebot Result Data Access via Missing typebo - CVE-2026-39968
TypeBot: Cross-Workspace Credential Theft via Bot-Engine Pre - CVE-2026-39966
TypeBot: Async filter() bypasses authorization, allowing IDO - CVE-2026-39965
TypeBot: SSRF via Open Redirect Bypass in HTTP Request and C
Same vendor: baptisteArno
- CVE-2026-39969
TypeBot: WhatsApp Webhook Endpoint Missing Signature Verific - CVE-2026-39967
TypeBot: Cross-Typebot Result Data Access via Missing typebo - CVE-2026-39968
TypeBot: Cross-Workspace Credential Theft via Bot-Engine Pre - CVE-2026-39966
TypeBot: Async filter() bypasses authorization, allowing IDO - CVE-2026-39965
TypeBot: SSRF via Open Redirect Bypass in HTTP Request and C
Same weakness: CWE-79
- CVE-2026-7421
Passeum Ticketing <= 1.0 - Authenticated (Administrator+) St - CVE-2026-40108
GLPI Vulnerable to Stored XSS in ITIL Costs - CVE-2026-35212
OpenCTI has XSS in the rendering of email-message observable - CVE-2026-42849
authentik: Reflected XSS in SFE AutosubmitStage allows IDP a - CVE-2026-5385
GLPI 11.0.0 - Stored XSS in knowledge base
V. Comments for CVE-2026-39970
No comments yet