CVE-2026-39965 | baptisteArno typebot.io up to 3.15.x HTTP Request validateHttpReqUrl server-side request forgery

Inserito da Angelo Barbosa | Mag 22, 2026 | CVE

A vulnerability identified as critical has been detected in baptisteArno typebot.io up to 3.15.x. Affected by this vulnerability is the function validateHttpReqUrl of the component HTTP Request Handler. The manipulation leads to server-side request forgery.

This vulnerability is referenced as CVE-2026-39965. Remote exploitation of the attack is possible. No exploit is available.

You should upgrade the affected component.

CVE-2026-39965 | baptisteArno typebot.io up to 3.15.x HTTP Request validateHttpReqUrl server-side request forgery

Post correlati

CVE-2024-26132 | Element up to 1.6.11 on Android information disclosure (GHSA-8wj9-cx7h-pvm4)

CVE-2024-41879 | Adobe Acrobat Viewer Remote Code Execution

CVE-2026-35479 | InvenTree up to 1.2.6 improper authorization (GHSA-7c3q-vwcv-2vp7)

CVE-2025-26411 | Wattsense Bridge prior 6.1.0 Plugin Manager unrestricted upload