UnratedPublic exploit

Unauthenticated arbitrary S3 object write in TypeBot generate-upload-url

IdentifiersCVE-2026-48768CWE-434

CVE-2026-48768 affects TypeBot versions 3.16.1 and earlier. The POST /api/blocks/file-input/v3/generate-upload-url endpoint is unauthenticated and uses unsanitized fileName input when constructing object keys under the public/ storage path, while also issuing presigned PUT URLs that do not bind Content-Type. An anonymous visitor to a published bot that includes a file input can therefore obtain a valid upload URL and write attacker-controlled content such as HTML, SVG, or JavaScript to attacker-chosen subpaths, including publicly served result paths belonging to other tenants. The issue is not based on ../ traversal, which is blocked by S3/MinIO canonicalization and signature mismatch, but on exploitable forward-slash path injection in the supplied fileName.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows arbitrary public object creation on the backing S3/MinIO storage origin. This enables attacker-controlled content hosting and can lead to stored cross-site scripting when uploaded HTML, SVG, or script-bearing content is later served from the public storage origin. Because attacker-chosen subpaths can include other tenants’ publicly served result paths, the flaw also creates a cross-tenant integrity impact and may allow defacement, malicious content replacement, or delivery of attacker-controlled payloads to users accessing affected public resources.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, restrict or disable access to the vulnerable POST /api/blocks/file-input/v3/generate-upload-url endpoint, especially for unauthenticated users. Limit file-input functionality on published bots where feasible. Enforce server-side validation and normalization of file names to prevent path manipulation, restrict uploads to tenant-scoped prefixes only, and validate or hard-bind allowed MIME types for presigned PUT operations. Review public storage paths for unexpected HTML, SVG, or JavaScript objects and remove unauthorized content.

Remediation

Patch, then assume compromise.

Upgrade TypeBot to version 3.17.0 or later, which fixes the vulnerability. The fix should ensure the generate-upload-url workflow is properly authenticated or otherwise access-controlled, sanitize and constrain fileName-derived object keys to prevent forward-slash path injection and cross-path writes, and bind or strictly validate Content-Type for presigned uploads so uploaded content cannot be arbitrarily retyped into active web content.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

cvefeed high severityNews

Jun 17, 2026

CVE-2026-48768 - TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName

An unauthenticated arbitrary S3 object write vulnerability in TypeBot that allows anonymous visitors to upload attacker-controlled HTML, SVG, or JavaScript to attacker-chosen public paths, enabling arbitrary content hosting and potential stored XSS on the storage origin.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity4

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-48768

NVD

nvd.nist.gov/vuln/detail/CVE-2026-48768

MITRE CWE · CWE-434

cwe.mitre.org