CVE-2026-48768
Status: Received - Intake
Stored XSS via Unauthenticated File Upload in TypeBot

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: GitHub, Inc.

Description
TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object keys, while issuing presigned PUT URLs that do not bind Content-Type. As a result, any anonymous visitor to a published bot with a file input can upload attacker-controlled HTML, SVG, or JS to attacker-chosen subpaths, including other tenants’ publicly served result paths, enabling arbitrary content hosting and potential stored XSS on the storage origin. ../ traversal is blocked by S3/MinIO canonicalization (signature mismatch), but forward-slash path injection is exploitable. This issue has been fixed in version 3.17.0.
Meta Information
Published: 2026-06-18
Last Modified: 2026-06-18
Generated: 2026-06-18
AI Q&A: 2026-06-18
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor: baptistearno | Product: typebot | Version / Range: up to 3.17.0 (excluding)
Vendor: baptistearno | Product: typebot | Version / Range: 3.17.0
CWE ID and Description
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Executive Summary

CVE-2026-48768 is a critical security vulnerability in TypeBot versions 3.16.1 and earlier. It affects the unauthenticated endpoint POST /api/blocks/file-input/v3/generate-upload-url, which lets anonymous users obtain upload URLs for attacker-chosen subpaths under the bucket's public/ prefix by manipulating the unsanitized fileName parameter.

Because the fileName input is not sanitized and the presigned PUT URLs do not enforce Content-Type restrictions, attackers can upload malicious HTML, SVG, or JavaScript files to attacker-chosen paths. This enables arbitrary content hosting and stored cross-site scripting (XSS) attacks on the storage origin.

Although classic path traversal using '../' is blocked because S3/MinIO canonicalize the key and the presigned signature then no longer matches, forward-slash path injection is still exploitable, allowing attackers to place malicious files in subpaths, including those belonging to other tenants in multi-tenant deployments.

Impact Analysis

This vulnerability can have severe impacts including unauthorized modification of data stored in the S3 bucket, hosting of malicious content such as malware or phishing pages under the trusted domain, and execution of stored cross-site scripting (XSS) attacks against users accessing the uploaded files.

In multi-tenant environments, attackers can place malicious files in other tenants' publicly served paths, potentially compromising multiple users or organizations.

The overall impact includes compromised integrity of the application's storage, risk of malware distribution, phishing, and client-side code execution leading to data theft or session hijacking.

Detection Guidance

The vulnerability involves an unauthenticated POST request to the endpoint /api/blocks/file-input/v3/generate-upload-url that allows arbitrary file uploads via manipulation of the fileName parameter.

To detect exploitation attempts on your network or system, monitor POST requests to this specific endpoint. Because the endpoint accepts unauthenticated requests by design (every visitor to a published bot with a file input calls it), the absence of authentication is not a signal on its own; the fileName value submitted with each request is.

You can use network monitoring or web server logs to identify such requests.

  • Use tools like tcpdump or Wireshark to capture HTTP traffic and filter for POST requests to /api/blocks/file-input/v3/generate-upload-url.
  • Example tcpdump command (only useful where the traffic is plaintext HTTP, e.g. port 80 or on the inside of a TLS-terminating proxy; port 443 payloads are encrypted and will not match the grep): tcpdump -i any -A -s 0 'tcp port 80 or tcp port 443' | grep 'POST /api/blocks/file-input/v3/generate-upload-url'
  • Check web server and application logs for POST requests to the vulnerable endpoint, looking for fileName values containing forward slashes (or backslashes) or script-capable extensions such as .html, .svg, or .js. If fileName is sent in the request body rather than the query string, a plain access log that records only the request line will not show it; use application-level or WAF request logging in that case.
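The log check described above, as an added example that is not part of the original advisory or of TypeBot: it scans constructed JSON-lines request records (a hypothetical format in which the application logs the parsed body) and reports fileName values with path separators, dot-dot segments, or script-capable extensions.

```typescript
// Added example, not TypeBot's code: scan a JSON-lines request log for
// generate-upload-url calls whose fileName looks like path injection or a
// script-capable file. Assumes (hypothetically) that the application logs
// the parsed request body; ordinary access logs do not record POST bodies.
const ENDPOINT = "/api/blocks/file-input/v3/generate-upload-url";
const RISKY_EXT = /\.(html?|xhtml|svg|js|mjs)$/i;

export interface Finding {
  ts: string;
  src: string;
  fileName: string;
  reasons: string[];
}

// Returns why a fileName is suspicious; an empty array means it looks benign.
export function inspectFileName(fileName: string): string[] {
  const reasons: string[] = [];
  if (/[\\/]/.test(fileName)) reasons.push("path separator in fileName");
  if (fileName.split(/[\\/]/).indexOf("..") !== -1) reasons.push("dot-dot segment");
  if (RISKY_EXT.test(fileName)) reasons.push("script-capable extension");
  return reasons;
}

function parseLine(line: string): Record<string, any> | null {
  try { return JSON.parse(line); } catch { return null; } // skip malformed lines
}

export function scanRequestLog(lines: string[]): Finding[] {
  const findings: Finding[] = [];
  for (const line of lines) {
    const rec = parseLine(line);
    if (rec === null || rec.method !== "POST" || rec.path !== ENDPOINT) continue;
    const fileName = typeof rec.body?.fileName === "string" ? rec.body.fileName : "";
    const reasons = inspectFileName(fileName);
    if (reasons.length > 0) findings.push({ ts: rec.ts, src: rec.src, fileName, reasons });
  }
  return findings;
}

// Constructed sample log (not real traffic): one benign upload, two suspicious
// requests from one source, and an unrelated GET.
export const SAMPLE_LOG: string[] = [
  '{"ts":"2026-06-18T10:00:01Z","src":"203.0.113.5","method":"POST","path":"/api/blocks/file-input/v3/generate-upload-url","body":{"fileName":"resume.pdf"}}',
  '{"ts":"2026-06-18T10:00:07Z","src":"198.51.100.9","method":"POST","path":"/api/blocks/file-input/v3/generate-upload-url","body":{"fileName":"shared/results/page.html"}}',
  '{"ts":"2026-06-18T10:00:09Z","src":"198.51.100.9","method":"POST","path":"/api/blocks/file-input/v3/generate-upload-url","body":{"fileName":"logo.svg"}}',
  '{"ts":"2026-06-18T10:00:12Z","src":"203.0.113.5","method":"GET","path":"/api/health","body":null}',
];

for (const f of scanRequestLog(SAMPLE_LOG)) console.log(f.ts, f.src, f.fileName, f.reasons.join("; "));
```

Legitimate SVG uploads will also be reported; treat the extension rule as a triage hint and the path-separator rule as the strong signal.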
Mitigation Strategies

The primary mitigation is to upgrade TypeBot to version 3.17.0 or later, where this vulnerability has been fixed.

Additional immediate steps include:

  • Restrict or disable the vulnerable endpoint /api/blocks/file-input/v3/generate-upload-url if upgrading is not immediately possible.
  • Validate and sanitize the fileName parameter server-side: accept a single path segment only (no '/' or '\', no '.' or '..') and build the object key from a server-chosen prefix rather than from client input.
  • Bind Content-Type in the presigned PUT URL and restrict it to an allow-list of non-script types; binding alone does not help if HTML, SVG, or JavaScript types remain allowed.
  • Serve user-uploaded files from a separate origin, so that any script that does run cannot reach the application's cookies or storage, with security headers such as Content-Disposition: attachment, X-Content-Type-Options: nosniff, and a restrictive Content-Security-Policy.
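The fileName validation and Content-Type allow-listing from the list above, as an added example that is not TypeBot's code or its 3.17.0 fix. The function and parameter names (buildUploadSpec, ALLOWED_TYPES, tenantPrefix, uploadId) are hypothetical; the server is assumed to generate tenantPrefix and uploadId itself.

```typescript
// Added example, not TypeBot's code: server-side handling of the fileName
// input for an upload-URL request. Names (buildUploadSpec, ALLOWED_TYPES,
// tenantPrefix, uploadId) are hypothetical.

// Allow-list of upload types keyed by extension. HTML, SVG and JavaScript
// are deliberately absent so they can never land on the public origin.
const ALLOWED_TYPES: Record<string, string> = {
  ".pdf": "application/pdf",
  ".png": "image/png",
  ".jpg": "image/jpeg",
  ".jpeg": "image/jpeg",
};

// One path segment only: letters, digits, "_" or "-", with at most one
// extension. This rejects "/", "\", ".", "..", whitespace and control bytes.
const SAFE_NAME = /^[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?$/;

export interface UploadSpec {
  key: string;         // object key, always under the server-chosen prefix
  contentType: string; // to be passed as ContentType when presigning the PUT
}

// Returns what to sign, or null when the request must be rejected.
// tenantPrefix (the published bot) and uploadId (a fresh random id such as
// crypto.randomUUID()) are generated server-side; only fileName is client input.
export function buildUploadSpec(tenantPrefix: string, uploadId: string, fileName: string): UploadSpec | null {
  // 1. Reject anything that is not a single, plain path segment. This closes
  //    the forward-slash injection described in the advisory.
  if (!SAFE_NAME.test(fileName)) return null;

  // 2. Derive the content type from the allow-listed extension; the
  //    client-supplied Content-Type is ignored entirely.
  const dot = fileName.lastIndexOf(".");
  const ext = dot === -1 ? "" : fileName.slice(dot).toLowerCase();
  const contentType = ALLOWED_TYPES[ext];
  if (contentType === undefined) return null;

  // 3. The random id makes every key unique, so an upload can never
  //    overwrite another object under the prefix.
  return { key: "public/" + tenantPrefix + "/" + uploadId + "/" + fileName, contentType };
}
// When presigning with AWS SDK v3, pass `ContentType: spec.contentType` to
// PutObjectCommand; the signature then covers the Content-Type header and a
// PUT that sends a different value fails signature validation.
```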
Compliance Impact

The vulnerability allows unauthenticated attackers to upload arbitrary malicious content, including HTML, SVG, or JavaScript files, to publicly accessible storage paths within the Typebot platform. This can lead to stored cross-site scripting (XSS) attacks and arbitrary content hosting under the trusted domain.

Such unauthorized content hosting and potential execution of malicious scripts can compromise the integrity and confidentiality of user data and the platform environment.

While the CVE description and resources do not explicitly mention compliance with standards like GDPR or HIPAA, the ability for attackers to host malicious content and potentially access or manipulate data could lead to violations of data protection and security requirements mandated by these regulations.

Specifically, GDPR requires appropriate technical and organizational measures to ensure data security and prevent unauthorized access or alteration, which this vulnerability undermines.

Similarly, HIPAA mandates safeguards to protect electronic protected health information (ePHI) from unauthorized access or disclosure, which could be jeopardized by this vulnerability if the platform handles such data.
