CVE-2026-48768 - TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName
CVE ID :CVE-2026-48768 Published : June 17, 2026, 11:13 p.m. | 9 hours, 55 minutes ago Description :TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/...