PatchSiren cyber security CVE debrief
CVE-2026-39968 baptisteArno CVE debrief
CVE-2026-39968 describes an incomplete authorization fix in TypeBot, a chatbot builder. It affects versions 3.15.2 and prior, where the patch for GHSA-4xc5-wfwc-jw47 did not fully secure credential access. The builder's getCredentials tRPC endpoint received workspace membership checks, but the bot-engine runtime's preview chat endpoint did not.

The bot-engine's getCredentials() utility validates workspace ownership behind a falsy check, if (workspaceId && ...). The preview endpoint accepts a client-controlled workspaceId field, and its Zod schema permits empty strings. An empty string is falsy in JavaScript, so an attacker who submits workspaceId: '' causes the ownership check to be skipped entirely, and any authenticated user can read credentials belonging to any workspace.

The CVE was published on 2026-05-22 and last modified on 2026-05-26. It is rated HIGH with a CVSS score of 7.1. Exploitation can lead to credential exfiltration, abuse of the external services those credentials unlock, financial damage, and data breach. The vendor has released version 3.16.0 to address the issue.
- Vendor: baptisteArno
- Product: typebot.io
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-22
- Original CVE updated: 2026-05-26
- Advisory published: 2026-05-22
- Advisory updated: 2026-05-26
Who should care
Organizations running TypeBot versions 3.15.2 or earlier, particularly those hosting multi-tenant deployments with workspace isolation requirements. Security teams responsible for chatbot infrastructure, credential management systems, and applications using tRPC with client-controlled resource identifiers.
Technical summary
The vulnerability stems from an incomplete patch for a prior credential theft issue. The bot-engine runtime's getCredentials() function guards its workspace ownership check with if (workspaceId && ...). Because an empty string is falsy in JavaScript, that guard evaluates to false when workspaceId is '' and the ownership check is never performed. The preview chat endpoint passes a client-controlled workspaceId through to this function, and its Zod schema accepts empty strings, so the value reaches the check unchanged. An authenticated attacker can therefore supply workspaceId: '' together with a target credentials ID and retrieve credentials from any workspace. This is an insecure direct object reference (IDOR) variant enabled by permissive input validation and by authorization enforcement that was tightened in one component (the builder's tRPC endpoint) but not in another (the bot-engine runtime).
Defensive priority
HIGH
Recommended defensive actions
- Upgrade TypeBot to version 3.16.0 or later
- Review all custom credential access implementations for similar falsy check patterns
- Audit workspace isolation controls across all tRPC endpoints and bot-engine runtime components
- Implement strict schema validation rejecting empty strings for workspace identifiers
- Review and strengthen authorization checks in preview/sandbox endpoints that accept client-controlled identifiers
- Monitor for anomalous credential access patterns across workspace boundaries
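The following is an added example that is not TypeBot's code. It models the mechanism described in the technical summary (a falsy workspaceId guard reached through a schema that accepts '') alongside the hardened form recommended above (a schema that rejects empty strings, a mandatory workspace scope on the lookup, and a membership check on the preview path). TypeBot's Prisma queries and Zod schemas are replaced with plain JavaScript stand-ins; the function names, the sample rows, the session shape and the exact form of the original condition are assumptions.

```javascript
// Added example, not TypeBot's code: models the incomplete-fix pattern from the advisory
// (falsy workspaceId check plus a schema that accepts ''). Prisma and Zod are replaced
// with plain JavaScript stand-ins; all names, rows and the exact original condition are
// assumptions.

// Constructed sample data: two tenants, each owning one stored credential.
const credentialsTable = [
  { id: 'cred-a', workspaceId: 'ws-a', name: 'openai-a', data: 'sk-a-secret' },
  { id: 'cred-b', workspaceId: 'ws-b', name: 'openai-b', data: 'sk-b-secret' },
];

// Stand-in for a Prisma-style findFirst({ where }): every key in `where` must match.
function findFirst(where) {
  const row = credentialsTable.find((r) =>
    Object.entries(where).every(([k, v]) => r[k] === v)
  );
  return row ?? null;
}

class ValidationError extends Error {}
class ForbiddenError extends Error {}

// Permissive request schema, equivalent to z.object({ workspaceId: z.string().optional() }):
// any string passes, including ''.
function parsePreviewRequestPermissive(body) {
  if (typeof body.credentialsId !== 'string') throw new ValidationError('credentialsId');
  if (body.workspaceId !== undefined && typeof body.workspaceId !== 'string') {
    throw new ValidationError('workspaceId');
  }
  return { credentialsId: body.credentialsId, workspaceId: body.workspaceId };
}

// Hardened schema, equivalent to z.string().min(1): '' and undefined are rejected at the
// boundary, before any database access.
function parsePreviewRequestStrict(body) {
  const req = parsePreviewRequestPermissive(body);
  if (typeof req.workspaceId !== 'string' || req.workspaceId.length === 0) {
    throw new ValidationError('workspaceId must be a non-empty string');
  }
  return req;
}

// Vulnerable ownership check (assumed shape of the advisory's `if (workspaceId && ...)`):
// the row is fetched by id alone and the owner comparison only runs when workspaceId is
// truthy. '' is falsy in JavaScript, so the comparison is skipped and any row is returned.
function getCredentialsVulnerable(credentialsId, workspaceId) {
  const row = findFirst({ id: credentialsId });
  if (workspaceId && row && row.workspaceId !== workspaceId) return null;
  return row;
}

// Fixed variant: workspaceId is mandatory and is part of the lookup key, so a credential
// from another workspace can never be selected, whatever the client sends.
function getCredentialsFixed(credentialsId, workspaceId) {
  if (typeof workspaceId !== 'string' || workspaceId.length === 0) {
    throw new ForbiddenError('workspaceId required for credential lookup');
  }
  return findFirst({ id: credentialsId, workspaceId });
}

// Preview handler factory. `caller.workspaceIds` lists the workspaces the authenticated
// user belongs to (assumed session shape). The vulnerable build runs no membership check
// on this path; the fixed build requires membership in the supplied workspaceId.
function makePreviewHandler({ parse, getCredentials, checkMembership }) {
  return function previewChat(body, caller) {
    const req = parse(body);
    if (checkMembership && !caller.workspaceIds.includes(req.workspaceId)) {
      throw new ForbiddenError('caller is not a member of ' + req.workspaceId);
    }
    const cred = getCredentials(req.credentialsId, req.workspaceId);
    return cred ? cred.data : null;
  };
}

const vulnerablePreview = makePreviewHandler({
  parse: parsePreviewRequestPermissive,
  getCredentials: getCredentialsVulnerable,
  checkMembership: false,
});

const fixedPreview = makePreviewHandler({
  parse: parsePreviewRequestStrict,
  getCredentials: getCredentialsFixed,
  checkMembership: true,
});

// Attacker scenario: a member of ws-a requests ws-b's credential with workspaceId ''.
const attacker = { userId: 'u-attacker', workspaceIds: ['ws-a'] };
const crossTenantRequest = { credentialsId: 'cred-b', workspaceId: '' };

// Vulnerable build leaks the other tenant's secret: returns 'sk-b-secret'.
function runVulnerable() {
  return vulnerablePreview(crossTenantRequest, attacker);
}

// Fixed build: returns the credential data, null if not found in the caller's workspace,
// or the name of the error class thrown. For crossTenantRequest: 'ValidationError'.
function runFixed(body = crossTenantRequest) {
  try {
    return fixedPreview(body, attacker);
  } catch (e) {
    return e.constructor.name;
  }
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable, workspaceId "":', runVulnerable());
  console.log('fixed, workspaceId "":', runFixed());
  console.log('fixed, own workspace, foreign id:', runFixed({ credentialsId: 'cred-b', workspaceId: 'ws-a' }));
  console.log('fixed, legitimate:', runFixed({ credentialsId: 'cred-a', workspaceId: 'ws-a' }));
}
```

Note that the fixed build does not rely on any one layer alone: the strict schema stops '' at the boundary, the membership check binds the caller to the workspace they name, and the scoped lookup makes the workspace part of the query key rather than an optional post-filter. Any one of those would have blocked this particular bypass; together they also cover the case where a client supplies a workspace they belong to but a credentials ID from another tenant, which the scoped lookup turns into a simple not-found.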
Evidence notes
The vulnerability description indicates this is a bypass of a previous incomplete fix for GHSA-4xc5-wfwc-jw47. The technical root cause is a falsy check on workspaceId in the bot-engine's getCredentials() function combined with Zod schema allowing empty strings. The preview chat endpoint's acceptance of client-controlled workspaceId enables the bypass.
Official resources
2026-05-22T19:17:03.373Z