CVE-2026-33712 CRITICAL

CVE-2026-33712: TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls

Vendor Baptistearno
Product typebot.io
Weakness CWE-862 · Missing authorization
Published May 22, 2026
Last update May 22, 2026
View on NVD All CVEs

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Request Forgery (SSRF) by supplying a custom typebot definition with server-side code blocks. The fetch function exposed inside the isolated-vm sandbox calls Node.js native fetch without the SSRF validation (validateHttpReqUrl) that protects the HTTP Request block. This bypasses all SSRF mitigations added after GHSA-8gq9-rw7v-3jpr. Exploitation of this unauthenticated SSRF vulnerability can lead to cloud credential theft, internal network access and data exfiltration for any self-hosted Typebot deployments and hosted services. This issue has been fixed in version 3.16.0.

Key dates

02Disclosure timeline

May 22, 2026 CVE published
May 22, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-12176 WordLift – AI powered SEO – Schema <= 3.54.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update CVE-2025-64632 WordPress Google XML Sitemaps plugin <= 4.1.22 - Broken Access Control vulnerability CVE-2025-68523 WordPress Spiffy Calendar plugin <= 5.0.7 - Broken Access Control vulnerability CVE-2025-68021 WordPress ConveyThis plugin <= 269.9 - Broken Access Control vulnerability CVE-2025-24652 WordPress WP Duplicate plugin <= 1.1.6 - Broken Access Control vulnerability