CVE-2026-48764
Received - Intake
TypeBot SSRF Validation Bypass via DNS Rebinding

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: GitHub, Inc.

Description
TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range, which allows a DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard. The validator resolves the hostname and approves it, but the later request path performs a fresh resolution and connects to whatever IP the hostname maps to at that moment. The actual outbound request is then performed later using the original hostname, without pinning the validated IP to the network connection. An attacker who can supply a URL to a public bot that performs a server-side HTTP Request block or server-side script fetch can use DNS rebinding to pass the initial validation and still force the server to connect to a private or metadata address during the real request. This enables server-side access to private network services, cloud metadata endpoints, and other internal HTTP targets that the validator was intended to block. The exact downstream impact depends on the reachable internal services. Concrete consequences include metadata disclosure, access to internal admin panels, credential theft from metadata services, and further compromise through internal-only HTTP interfaces. This issue has been fixed in version 3.17.2.

Meta Information

Published: 2026-06-18
Last Modified: 2026-06-18
Generated: 2026-06-18
AI Q&A: 2026-06-18
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
baptistearno typebot 3.16.2
baptistearno typebot 3.17.2
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Mitigation Strategies

The primary mitigation is to upgrade typebot.io to version 3.17.2 or later, where the SSRF vulnerability has been fixed by blocking IPv6 unspecified addresses and improving SSRF IP validation to prevent DNS rebinding attacks.

Additional mitigation includes ensuring that SSRF validators properly block all unspecified IP addresses (0.0.0.0/8 and ::/128), loopback, and private IP ranges, and pin the resolved IP address during the entire request to prevent TOCTOU issues.
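
The resolve-once-and-pin pattern described above, as an added Node.js example; it is not TypeBot's code or the 3.17.2 patch. The names `resolveAndPin`, `pinnedLookup` and `rebindingResolver` are hypothetical, the resolver is injected so the example runs offline, and the rebinding answers are constructed.

```javascript
const net = require('node:net');
// Refused ranges: unspecified, loopback, private, link-local (cloud metadata).
const RANGES = ['0.0.0.0/8', '10.0.0.0/8', '127.0.0.0/8', '169.254.0.0/16',
  '172.16.0.0/12', '192.168.0.0/16', '::/128', '::1/128', 'fc00::/7', 'fe80::/10'];
const forbidden = new net.BlockList();
for (const cidr of RANGES) {
  const [addr, bits] = cidr.split('/');
  forbidden.addSubnet(addr, Number(bits), addr.includes(':') ? 'ipv6' : 'ipv4');
}

function isForbidden(address) {
  const family = net.isIP(address);            // 4, 6, or 0 if not an IP literal
  if (family === 0) return true;               // fail closed on unparsable input
  return forbidden.check(address, family === 6 ? 'ipv6' : 'ipv4');
}

// Resolve once, reject if ANY answer is forbidden, return the address to pin.
// `resolve` is injected (assumption) so the example runs without network access.
async function resolveAndPin(hostname, resolve) {
  const answers = await resolve(hostname);     // [{ address, family }, ...]
  const bad = answers.length === 0 || answers.some((a) => isForbidden(a.address));
  if (bad) throw new Error(`blocked: ${hostname}`);
  return answers[0];
}

// `lookup` option for http.request/net.connect: returns the pinned IP, no new DNS query.
function pinnedLookup(pinned) {
  return (_hostname, options, callback) => {
    if (typeof options === 'function') { callback = options; options = {}; }
    if (options.all) callback(null, [pinned]);
    else callback(null, pinned.address, pinned.family);
  };
}

// Constructed resolver stub: public answer on the first query, metadata IP after.
function rebindingResolver() {
  const answers = ['203.0.113.10', '169.254.169.254'];
  let calls = 0;
  return async () => [{ address: answers[Math.min(calls++, 1)], family: 4 }];
}

async function demo() {
  const resolve = rebindingResolver();
  const pinned = await resolveAndPin('rebind.example', resolve);
  const connectTo = await new Promise((done) =>
    pinnedLookup(pinned)('rebind.example', {}, (_err, addr) => done(addr)));
  const retry = await resolveAndPin('rebind.example', resolve).catch((e) => e.message);
  return { connectTo, retry };   // pinned public IP; a second resolution is refused
}
```

Redirects need the same treatment: each hop is resolved, checked and pinned before it is followed.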

Executive Summary

CVE-2026-48764 is a Server-Side Request Forgery (SSRF) vulnerability in the TypeBot chatbot builder tool versions prior to 3.17.2. The vulnerability arises because the SSRF validation only resolves a hostname once to check if its IP address is in a forbidden range, but the actual HTTP request later resolves the hostname again without pinning the validated IP. This time-of-check to time-of-use (TOCTOU) gap allows an attacker to use DNS rebinding to bypass the SSRF protections.

An attacker can supply a URL to a public bot that performs server-side HTTP requests. Initially, the domain resolves to a public IP and passes validation, but when the real request is made, the domain resolves to a private or metadata IP address. This enables unauthorized server-side access to internal network services, cloud metadata endpoints, and other protected HTTP targets.

Impact Analysis

This vulnerability can have serious impacts because it allows attackers to bypass SSRF protections and access internal network services that should be restricted. Potential impacts include:

  • Disclosure of sensitive metadata from cloud environments.
  • Access to internal administrative panels that are not meant to be publicly reachable.
  • Theft of credentials from metadata services.
  • Further compromise of internal systems through HTTP interfaces that are only accessible internally.

Detection Guidance

This vulnerability involves a time-of-check to time-of-use gap in SSRF validation, where the hostname is resolved once for validation but re-resolved during the actual request, allowing DNS rebinding attacks. Detection would involve monitoring for unusual DNS resolution patterns or outbound HTTP requests to internal or metadata IP addresses that should be blocked.

Suggested detection methods include inspecting logs for server-side HTTP requests to private IP ranges or metadata service IPs (e.g., 169.254.169.254), and monitoring DNS queries for rebinding behavior where a hostname resolves to a public IP initially and then to a private IP.

Specific commands are not provided in the available resources.
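
One way to look for the rebinding pattern described above in resolver logs, as an added example that does not come from the advisory. The log format, the sample lines and the names `parseLine` and `findRebinding` are constructed for illustration, and the range check covers IPv4 only.

```javascript
// IPv4-only shorthand for unspecified, private, loopback and link-local ranges.
const INTERNAL = /^(0|10|127)\.|^169\.254\.|^192\.168\.|^172\.(1[6-9]|2\d|3[01])\./;

// Constructed resolver log lines (hypothetical format: time, name, answer, ttl).
const SAMPLE_LOG = [
  '2026-06-18T10:00:00Z name=api.partner.example answer=198.51.100.7 ttl=300',
  '2026-06-18T10:00:01Z name=rebind.example answer=203.0.113.10 ttl=0',
  '2026-06-18T10:00:02Z name=rebind.example answer=169.254.169.254 ttl=0',
  '2026-06-18T10:05:00Z name=api.partner.example answer=198.51.100.7 ttl=300',
  '2026-06-18T10:06:00Z name=intranet.corp.example answer=10.1.2.3 ttl=60',
];

function parseLine(line) {
  const m = /^(\S+) name=(\S+) answer=(\S+) ttl=(\d+)$/.exec(line);
  return m && { time: Date.parse(m[1]), name: m[2], answer: m[3], ttl: Number(m[4]) };
}

// Flag names whose answer moves from a public to an internal address within
// `windowMs`. A name that only ever resolves internally is not rebinding.
function findRebinding(lines, windowMs = 60000) {
  const lastPublic = new Map();   // name -> most recent record with a public answer
  const alerts = [];
  for (const rec of lines.map(parseLine).filter(Boolean)) {
    if (!INTERNAL.test(rec.answer)) { lastPublic.set(rec.name, rec); continue; }
    const prev = lastPublic.get(rec.name);
    if (prev && rec.time - prev.time <= windowMs) {
      alerts.push({ name: rec.name, from: prev.answer, to: rec.answer,
        gapMs: rec.time - prev.time });
    }
  }
  return alerts;
}
```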

Compliance Impact

The vulnerability allows an attacker to perform Server-Side Request Forgery (SSRF) via DNS rebinding, enabling unauthorized access to private network services and cloud metadata endpoints.

This can lead to metadata disclosure, access to internal admin panels, and credential theft from metadata services, which may result in unauthorized access to sensitive data.

Such unauthorized access and potential data exposure could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls over access to personal and sensitive information.

Therefore, exploitation of this vulnerability could lead to violations of these standards due to compromised confidentiality and potential data breaches.
