{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-48764/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-17T23:29:49.629Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-48764","@id":"https://www.cve.org/CVERecord?id=CVE-2026-48764","description":"TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard. The validator resolves the hostname and approves it, but the later request path performs a fresh resolution and connects to whatever IP the hostname maps to at that moment. The actual outbound request is"},"products":[{"@id":"cpe:2.3:a:baptistearno:typebot.io:\\<_3.17.2:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:baptistearno:typebot.io:\\<_3.17.2:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-17T23:29:49.629Z"}]}