PatchSiren cyber security CVE debrief

CVE-2026-48759 baptisteArno CVE debrief

CVE-2026-48759 is a HIGH-severity vulnerability in TypeBot, a chatbot builder tool. Versions 3.15.2 and below are affected by an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to modify or delete theme templates belonging to any other workspace. The issue arises in the handleSaveThemeTemplate and handleDeleteThemeTemplate handlers, which validate the caller's membership in a workspace but then run Prisma queries without including that workspace ID in the WHERE clause, so the membership check is never tied to the template actually being changed. Because template IDs can be exposed via shared typebots or network traffic, an authenticated account is the only precondition. The vulnerability has been patched in version 3.16.0. Organizations using TypeBot should prioritize upgrading to the latest version to mitigate potential risks.

Vendor: baptisteArno
Product: typebot.io
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-22
Advisory published: 2026-06-17
Advisory updated: 2026-06-22

Who should care

Administrators and users of TypeBot versions 3.15.2 and below should be aware of this vulnerability. Given the HIGH CVSS score of 7.1, immediate attention is required to prevent unauthorized access and modifications to theme templates. This vulnerability could lead to data exposure and integrity issues if exploited.

Technical summary

The vulnerability is caused by inadequate validation in the handleSaveThemeTemplate and handleDeleteThemeTemplate handlers. These handlers verify that the authenticated user is a non-guest member of the specified workspaceId, but then issue Prisma queries keyed on the template ID alone, without workspaceId in the WHERE clause. Since the authorization check and the database query are scoped to different objects, any authenticated user can modify or delete theme templates from any workspace, not just their own. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L: Network attack vector, Low attack complexity, Low privileges required (any authenticated account), no user interaction, unchanged scope, no confidentiality impact, High integrity impact and Low availability impact.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade TypeBot to version 3.16.0 or later immediately.
  • Review and restrict access to theme template modification and deletion functionalities.
  • Monitor for suspicious activity related to theme template changes.
  • Implement additional authentication and authorization checks for workspace operations.
  • Educate users about secure practices when using TypeBot, especially regarding workspace and template management.

Evidence notes

The information provided is based on the CVE record and NVD details. The vulnerability was published on 2026-06-17 and modified on 2026-06-18. References include the official CVE record [cve-org], NVD details [nvd], and source references [ref-4], [ref-5] related to the patch and advisory.
