CVE-2026-33712

EIP tracks 1 public exploit for CVE-2026-33712. PoCs published by portbuster1337.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-33712, an unauthenticated SSRF vulnerability in Typebot <= 3.15.2. The exploit leverages a bypass in the `isolated-vm` sandbox's fetch function to perform SSRF attacks, with capabilities for pre-flight checks, internal URL scanning, and data exfiltration via webhooks.

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Request Forgery (SSRF) by supplying a custom typebot definition with server-side code blocks. The fetch function exposed inside the isolated-vm sandbox calls Node.js native fetch without the SSRF validation (validateHttpReqUrl) that protects the HTTP Request block. This bypasses all SSRF mitigations added after GHSA-8gq9-rw7v-3jpr. Exploitation of this unauthenticated SSRF vulnerability can lead to cloud credential theft, internal network access and data exfiltration for any self-hosted Typebot deployments and hosted services. This issue has been fixed in version 3.16.0.