CVE-2026-33712 | baptisteArno typebot.io up to 3.15.x Preview Chat Endpoint startChat fetch authorization (GHSA-vc2q-r6rq-ggj9)

A vulnerability, which was classified as critical, was found in baptisteArno typebot.io up to 3.15.x. Affected by this issue is the function fetch of the file /api/v1/typebots/{typebotId}/preview/startChat of the component Preview Chat Endpoint. Such manipulation leads to missing authorization.

This vulnerability is traded as CVE-2026-33712. The attack may be launched remotely. There is no exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More