CVE-2026-49213 in typebot.io
Summary
by MITRE • 07/11/2026
TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private ranges but does not block :: or its expanded form. A workspace editor or creator can configure a server-side HTTP Request block or guarded script fetch to make the Typebot server connect to local HTTP services through safeKy, including flows triggered by POST /v1/typebots/{publicId}/startChat or POST /v1/sessions/{sessionId}/continueChat. This issue is fixed in version 3.17.2.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 07/11/2026
The vulnerability described represents a critical server-side request forgery flaw in Typebot chatbot builder software that affects versions prior to 3.17.2. This security weakness stems from an insufficient validation mechanism for HTTP request URLs within the shared SSRF validator component located in packages/lib/src/ssrf/validateHttpReqUrl.ts. The vulnerability allows malicious actors to bypass intended security restrictions by leveraging the IPv6 unspecified address :: which is not properly blocked during validation checks. The flaw specifically occurs because validateIPAddress function only filters local, metadata, and private IP ranges but fails to account for the IPv6 unspecified address that serves as a valid network address in IPv6 networking protocols. This oversight creates a significant attack vector where authenticated workspace editors or creators can manipulate HTTP request blocks or guarded script fetch operations to force the Typebot server to connect to internal HTTP services.
The operational impact of this vulnerability extends across multiple attack surfaces within the Typebot platform, particularly affecting server-side HTTP Request blocks and guarded script fetch functionality. Attackers can exploit this weakness through legitimate workflow triggers such as POST /v1/typebots/{publicId}/startChat or POST /v1/sessions/{sessionId}/continueChat endpoints, enabling them to potentially access internal network services that should remain isolated from external exposure. The vulnerability essentially allows an authenticated attacker to perform reconnaissance and potentially gain unauthorized access to internal systems that are typically protected by firewalls or network segmentation policies. This type of attack falls under the category of server-side request forgery as defined by CWE-918, which specifically addresses vulnerabilities where applications fail to properly validate and restrict external resource access.
The exploitation of this vulnerability requires an attacker to have valid workspace editor or creator privileges within Typebot, making it a privilege escalation concern rather than a purely remote attack vector. However, the impact remains severe as it allows lateral movement within the network infrastructure that Typebot servers operate in, potentially enabling attackers to access sensitive internal services or perform further reconnaissance activities. The fix implemented in version 3.17.2 addresses this by properly including the IPv6 unspecified address :: and its expanded form in the validation checks, thereby preventing the bypass mechanism that previously allowed attackers to circumvent security controls.
From a cybersecurity perspective, this vulnerability aligns with ATT&CK technique T1071.004 which covers application layer protocol: DNS, and more specifically relates to techniques involving service discovery and lateral movement through internal network resources. The issue demonstrates poor input validation practices that are commonly associated with the broader class of injection vulnerabilities described in CWE-20. Organizations using Typebot should immediately upgrade to version 3.17.2 or later to remediate this vulnerability, as it represents a significant risk to network security posture when exploited by authenticated malicious actors. The vulnerability also highlights the importance of comprehensive IP address validation that considers both IPv4 and IPv6 addressing schemes in modern security implementations, particularly in systems where network boundary protection is critical for maintaining overall security integrity.