PatchSiren cyber security CVE debrief

CVE-2026-39967 baptisteArno CVE debrief

TypeBot is an open-source chatbot builder platform. CVE-2026-39967 identifies an authorization flaw in the bot engine's `findResult` query where result data retrieval is not properly scoped to the requesting `typebotId`. An authenticated attacker with knowledge of a valid foreign `resultId` can supply this identifier to the `startChat` endpoint and retrieve prior session data—including user answers, variable values, and the `hasStarted` flag—from a different TypeBot instance than the one they are interacting with. Successful exploitation requires three conditions: (1) the target TypeBot has `rememberUser` enabled, (2) the attacker knows or obtains a valid 24-character CUID2 `resultId` from another session, and (3) variable names in the attacker's current TypeBot match those in the target session. The CUID2 identifier format provides cryptographic randomness that renders brute-force enumeration infeasible, significantly constraining practical exploitation. If exploited, the vulnerability exposes personally identifiable information such as names, emails, and phone numbers previously collected in the target session. The issue was remediated in TypeBot version 3.16.0 by implementing proper `typebotId` filtering in the `findResult` query. Organizations should upgrade to version 3.16.0 or later and review TypeBot configurations for unnecessary `rememberUser` enablement.

Vendor: baptisteArno
Product: typebot.io
CVSS: LOW 3.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-22
Original CVE updated: 2026-05-26
Advisory published: 2026-05-22
Advisory updated: 2026-05-26

Who should care

Organizations operating TypeBot chatbot instances handling sensitive user data; security teams responsible for application authorization boundary verification; compliance officers monitoring PII exposure risks in conversational AI platforms

Technical summary

The vulnerability exists in TypeBot's bot engine where the `findResult` Prisma query retrieves session result records without verifying that the `resultId` belongs to the `typebotId` specified in the current request context. The `startChat` endpoint accepts a `resultId` parameter for resuming existing sessions when `rememberUser` is enabled. The query implementation fails to include a `typebotId` filter clause, permitting any authenticated user with a valid `resultId` from any TypeBot instance to retrieve that session's data. The fix adds `typebotId` equality verification to the query's WHERE clause, ensuring results are only returned when both `resultId` and `typebotId` match the requesting context. The CUID2 identifier scheme (24-character cryptographically random string) provides 128-bit entropy, making identifier prediction or brute-force attacks computationally infeasible and limiting exploitation to scenarios where an attacker obtains a valid `resultId` through separate means.
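The missing-filter defect and its fix, as an added illustration that is not Typebot's own code: an in-memory stand-in for the `findResult` lookup (the row shape, placeholder ids and `resumeSession` helper are assumptions, not the project's API) with the unscoped query beside the `typebotId`-scoped one, plus the variable-name matching step that limits what a foreign session can prefill.

```typescript
// Added example (not Typebot's code): in-memory model of the findResult lookup.
type Variable = { name: string; value: string };
type ResultRow = {
  id: string;          // resultId; placeholder strings below, not real CUID2 values
  typebotId: string;
  hasStarted: boolean;
  answers: { blockId: string; content: string }[];
  variables: Variable[];
};

// Constructed sample rows: one remembered session per bot.
const RESULTS: ResultRow[] = [
  { id: "res_A_placeholder", typebotId: "bot_A", hasStarted: true,
    answers: [{ blockId: "email-input", content: "alice@example.com" }],
    variables: [{ name: "Email", value: "alice@example.com" },
                { name: "Phone", value: "+1-555-0100" }] },
  { id: "res_B_placeholder", typebotId: "bot_B", hasStarted: true,
    answers: [{ blockId: "name-input", content: "Bob" }],
    variables: [{ name: "Name", value: "Bob" }] },
];

// Pre-3.16.0 shape: the WHERE clause keys on resultId alone, so a request made
// in the context of any bot can resume any session whose id it presents.
function findResultUnscoped(resultId: string): ResultRow | null {
  return RESULTS.find((r) => r.id === resultId) ?? null;
}

// 3.16.0 shape: resultId AND typebotId must both match the request context.
function findResultScoped(resultId: string, typebotId: string): ResultRow | null {
  return RESULTS.find((r) => r.id === resultId && r.typebotId === typebotId) ?? null;
}

// Stand-in for the startChat resume step (assumed, simplified): stored variables
// are carried over only when the current bot declares a variable of the same
// name, which is condition (3) in the debrief. Returns what the caller sees.
function resumeSession(
  lookup: (resultId: string, typebotId: string) => ResultRow | null,
  typebotId: string,
  resultId: string,
  botVariableNames: string[],
): { hasStarted: boolean; prefilled: Record<string, string> } {
  const row = lookup(resultId, typebotId);
  if (!row) return { hasStarted: false, prefilled: {} };
  const prefilled: Record<string, string> = {};
  for (const v of row.variables) {
    if (botVariableNames.includes(v.name)) prefilled[v.name] = v.value;
  }
  return { hasStarted: row.hasStarted, prefilled };
}

// Adapter giving the unscoped query the same signature (typebotId is ignored).
const unscopedLookup = (id: string, _bot: string) => findResultUnscoped(id);
```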

Defensive priority

routine

Recommended defensive actions

  • Upgrade TypeBot installations to version 3.16.0 or later to obtain the authorization fix
  • Review TypeBot configurations and disable `rememberUser` functionality where session persistence is not required
  • Audit existing TypeBot deployments for unauthorized data access indicators in application logs, particularly `startChat` endpoint requests with `resultId` parameters that do not correspond to the requesting `typebotId`
  • Implement additional access logging for the `startChat` endpoint to detect anomalous `resultId` usage patterns
  • Verify that deployed TypeBot instances are running patched versions by checking the release tag or commit history for inclusion of fix commit 73162634e6bdebd37a1a571db4062d30854e0400

Evidence notes

Vulnerability description and remediation details sourced from GitHub Security Advisory GHSA-f475-7m4x-m6mx. CVSS 3.1 vector AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N yields score 3.1 (Low). Fix commit 73162634e6bdebd37a1a571db4062d30854e0400 confirms authorization boundary enforcement added. CWE-639 (Authorization Bypass Through User-Controlled Key) and CWE-862 (Missing Authorization) identified as applicable weakness classifications.

Official resources

2026-05-22T19:17:03.243Z