CVE-2026-39970— TypeBot: Stored Cross-Site Scripting (XSS) via SVG File Upload On Profile Picture Form
Possible ATT&CK Techniques 3AI
T1005 · Data from Local System T1059.007 · JavaScript T1189 · Drive-by CompromiseAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| baptisteArno | typebot.io | < 3.16.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-39970
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TypeBot: Stored Cross-Site Scripting (XSS) via SVG File Upload On Profile Picture Form
Source: NVD (National Vulnerability Database)
Vulnerability Description
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading a crafted malicious SVG file containing embedded JavaScript, an attacker will execute arbitrary JavaScript code. This vulnerability directly enables stored XSS exploitation because the payload is persistently stored on your infrastructure (app.typebot.io) and accessible from a public-facing, permanent link. Stored XSS via malicious SVG uploads to app.typebot.io allows attackers to execute arbitrary JavaScript in victims' browsers, enabling session/token theft, account takeover, and exfiltration of sensitive user data. This issue has been fixed in version 3.16.0.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| baptisteArno | typebot.io | < 3.16.0 | - |
II. Public POCs for CVE-2026-39970
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-39970
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-39970 (1)
Vendor Pages for CVE-2026-39970 (1)
- Release v3.16.0 · baptisteArno/typebot.io · GitHubx_refsource_MISC
Same Patch Batch · baptisteArno · 2026-05-22 · 11 CVEs total
| CVE-2026-33712 | 10.0 CRITICAL | TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF |
| CVE-2026-28445 | 8.7 HIGH | Typebot: Stored XSS via Rating Block Custom Icon Bypasses isUnsafe Sandbox in Builder Prev |
| CVE-2026-39965 | 7.7 HIGH | TypeBot: SSRF via Open Redirect Bypass in HTTP Request and Code Blocks |
| CVE-2026-34207 | 7.6 HIGH | TypeBot: SSRF Protection Bypass via DNS-Resolved Hostnames in Webhook / HTTP Request Valid |
| CVE-2026-39968 | 7.1 HIGH | TypeBot: Cross-Workspace Credential Theft via Bot-Engine Preview Endpoint |
| CVE-2026-28444 | 6.5 MEDIUM | Typebot: IDOR in Result Logs Endpoint Allows Cross-Workspace Data Disclosure |
| CVE-2026-39966 | 6.5 MEDIUM | TypeBot: Async filter() bypasses authorization, allowing IDOR in getLinkedTypebots and lea |
| CVE-2026-39969 | 6.5 MEDIUM | TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification |
| CVE-2026-39964 | 5.4 MEDIUM | TypeBot: Stored XSS via javascript: URI in text bubble links — bot author executes JS on v |
| CVE-2026-39967 | 3.1 LOW | TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter |
IV. Related Vulnerabilities
Same product: typebot.io
- CVE-2026-39969
TypeBot: WhatsApp Webhook Endpoint Missing Signature Verific - CVE-2026-39967
TypeBot: Cross-Typebot Result Data Access via Missing typebo - CVE-2026-39968
TypeBot: Cross-Workspace Credential Theft via Bot-Engine Pre - CVE-2026-39966
TypeBot: Async filter() bypasses authorization, allowing IDO - CVE-2026-39965
TypeBot: SSRF via Open Redirect Bypass in HTTP Request and C
Same vendor: baptisteArno
- CVE-2026-39969
TypeBot: WhatsApp Webhook Endpoint Missing Signature Verific - CVE-2026-39967
TypeBot: Cross-Typebot Result Data Access via Missing typebo - CVE-2026-39968
TypeBot: Cross-Workspace Credential Theft via Bot-Engine Pre - CVE-2026-39966
TypeBot: Async filter() bypasses authorization, allowing IDO - CVE-2026-39965
TypeBot: SSRF via Open Redirect Bypass in HTTP Request and C
Same weakness: CWE-79
- CVE-2018-25349
userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For He - CVE-2026-41147
NukeViet CMS: Stored Cross-Site Scripting (XSS) via insuffic - CVE-2026-40607
MantisBT is Vulnerable to Stored XSS Through its Saved-Filte - CVE-2026-40598
MantisBT has Potential Referer-Based Reflected HTML Injectio - CVE-2026-40597
MantisBT has a Content Security Policy bypass via attachment
V. Comments for CVE-2026-39970
No comments yet