Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-39970

CVE-2026-39970: TypeBot Stored XSS Vulnerability

CVE-2026-39970 is a stored XSS vulnerability in TypeBot's profile picture upload form that allows attackers to execute malicious JavaScript via SVG files. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2026-39970 Overview

CVE-2026-39970 is a stored Cross-Site Scripting (XSS) vulnerability in TypeBot, an open-source chatbot builder tool. The flaw affects versions 3.15.2 and prior, residing in the profile picture upload feature on app.typebot.io. The application fails to sanitize SVG/XML uploads and renders them directly when accessed through the domain. Attackers can upload crafted SVG files containing embedded JavaScript that executes in the browser of any user accessing the file. The vulnerability is classified under CWE-79. The issue has been remediated in version 3.16.0.

Critical Impact

Successful exploitation enables arbitrary JavaScript execution in victims' browsers, leading to session token theft, account takeover, and exfiltration of sensitive user data via a persistent, public-facing link.

Affected Products

  • TypeBot versions 3.15.2 and prior
  • TypeBot self-hosted deployments exposing the profile picture upload endpoint
  • app.typebot.io hosted service prior to the patch

Discovery Timeline

  • 2026-05-22 - CVE-2026-39970 published to NVD
  • 2026-05-22 - Last updated in NVD database

Technical Details for CVE-2026-39970

Vulnerability Analysis

The vulnerability stems from improper handling of user-uploaded SVG files in the TypeBot profile picture upload form. SVG is an XML-based image format that supports embedded <script> elements and JavaScript event handlers. When the application serves these files with an image-related MIME type or renders them inline through the browser, the embedded script executes in the origin context of app.typebot.io.

Because the malicious file is persistently stored on the server and reachable through a permanent URL, the payload becomes a stored XSS rather than a transient reflected one. Any user who visits the profile picture link, or any context that embeds the image, triggers script execution.

Root Cause

The profile picture upload handler does not enforce MIME-type restrictions that exclude SVG/XML content, nor does it sanitize uploaded SVG documents to strip executable elements such as <script>, onload, or onerror attributes. The files are then served directly from the application origin, satisfying the same-origin policy and granting attacker scripts access to authenticated session context.

Attack Vector

An authenticated attacker uploads a crafted SVG file as their profile picture. The file contains embedded JavaScript that runs when the SVG is rendered by a victim's browser. Because the asset is served from app.typebot.io, the script can access cookies, local storage, and tokens scoped to that origin. The attacker can then perform actions on behalf of the victim, exfiltrate session credentials, or pivot to broader account takeover.

The vulnerability mechanism is described in the GitHub Security Advisory GHSA-jj87-c343-26vp.

Detection Methods for CVE-2026-39970

Indicators of Compromise

  • Uploaded profile picture files with .svg extension or image/svg+xml MIME type stored in user asset directories
  • SVG files containing <script> tags, onload, onerror, or javascript: URI references
  • Outbound HTTP requests from user browsers to attacker-controlled domains originating from app.typebot.io contexts

Detection Strategies

  • Scan stored user uploads for SVG files and inspect their contents for embedded scripts or event handler attributes
  • Review web server access logs for GET requests to user-uploaded SVG assets followed by anomalous outbound traffic
  • Audit user accounts for recently changed profile pictures around the disclosure window of May 2026

Monitoring Recommendations

  • Enable Content Security Policy (CSP) violation reporting to capture inline script execution attempts on the application origin
  • Monitor authentication logs for session anomalies such as concurrent logins from disparate geolocations
  • Alert on uploads with declared image types that contain XML or script content via deep file inspection

How to Mitigate CVE-2026-39970

Immediate Actions Required

  • Upgrade TypeBot to version 3.16.0 or later, as published in the GitHub Release v3.16.0
  • Audit all existing user-uploaded profile pictures and remove any SVG files containing scripts or event handlers
  • Invalidate active user sessions and rotate authentication tokens following remediation

Patch Information

The maintainers released version 3.16.0 to address this vulnerability. Operators of self-hosted TypeBot deployments must update to this version. Hosted users on app.typebot.io receive the fix automatically. See the GitHub Security Advisory GHSA-jj87-c343-26vp for advisory details.

Workarounds

  • Restrict profile picture uploads to raster image formats such as PNG and JPEG by enforcing MIME-type and extension allowlists at the reverse proxy or WAF
  • Serve user-uploaded files from an isolated origin or sandboxed subdomain to limit same-origin script access
  • Apply a strict Content Security Policy that disallows inline script execution on user-asset paths
bash
# Example nginx configuration to block SVG profile picture serving as a temporary workaround
location /uploads/profile/ {
    if ($request_filename ~* \.svg$) {
        return 403;
    }
    add_header Content-Security-Policy "default-src 'none'; img-src 'self'";
    add_header X-Content-Type-Options "nosniff";
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.