What is CVE-2026-39965?

CVE-2026-39965 is a high-severity vulnerability in Baptistearno Typebot.io, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.7/10. Published 2026-05-22.

How severe is CVE-2026-39965?

High severity. CVSS v3 base score is 7.7 out of 10.

SSRF in Baptistearno Typebot.io

CVE-2026-39965

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl() to block private IPs and cloud metadat…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (9.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.

Affected products

Baptistearno Typebot.io — versions < 3.16.0

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-39965?: CVE-2026-39965 is a high-severity vulnerability in Baptistearno Typebot.io, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.7/10. Published 2026-05-22.
How severe is CVE-2026-39965?: High severity. CVSS v3 base score is 7.7 out of 10.