Public February 2026
Typebot Builder Preview Executes Arbitrary HTML from Rating Block Icons
BugBunny.ai found that Typebot’s rating block custom icon feature accepted arbitrary SVG or HTML and later rendered it with Solid’s innerHTML directive inside the builder preview. A malicious imported or shared typebot could therefore trigger stored XSS for workspace users who opened the flow in the builder.
TL;DR
Workspace users can be hit with stored XSS when viewing or editing a malicious Typebot flow.
Unsanitized customIcon.svg content rendered in the builder preview.
Affected version: Typebot v3.15.2, the version tested during coordinated disclosure.
CVE assigned; vendor patch still pending at the time of this snapshot.
Root Cause
The custom icon field accepted attacker-controlled SVG markup and pushed it directly into a rendering path backed by innerHTML. No sanitization or safe subset restriction existed before the markup reached the DOM.
The issue specifically broke the security assumptions around imported or collaboratively edited bots. Even if the published bot used separate runtime controls, the builder preview itself became an execution surface for malicious SVG payloads.
Product
Typebot
Affected
v3.15.2
Patched
Vendor patch pending
Weaknesses
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Mitigation
- Apply the vendor patch once available and avoid importing untrusted Typebot definitions until then.
- Sanitize SVG content against an allowlist of elements and attributes, or reject anything outside that allowlist, before rendering it through innerHTML.
- Treat builder and admin previews as high-value attack surfaces because they execute with elevated workspace trust.
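As a worked form of the sanitize-or-allowlist mitigation above, here is an added example that is not Typebot's code: a fail-closed validator in JavaScript that accepts only a static-icon subset of SVG and substitutes a fallback icon for anything else before the markup is handed to innerHTML. The names isSafeSvgIcon, safeRatingIcon and FALLBACK_ICON, the allowlists and the fallback markup are my own choices, not the project's; a browser-side implementation would more typically use an established DOM-based sanitizer library, but this version runs without a DOM.

```javascript
// Added example, not Typebot's code: a fail-closed allowlist validator for a stored customIcon.svg.
const ALLOWED_TAGS = new Set(['svg', 'g', 'path', 'circle', 'ellipse', 'rect', 'line', 'polyline',
  'polygon', 'title', 'defs', 'use', 'lineargradient', 'radialgradient', 'stop']);
const ALLOWED_ATTRS = new Set(['xmlns', 'xmlns:xlink', 'viewbox', 'width', 'height', 'fill', 'stroke',
  'stroke-width', 'stroke-linecap', 'stroke-linejoin', 'd', 'cx', 'cy', 'r', 'rx', 'ry', 'x', 'y',
  'x1', 'y1', 'x2', 'y2', 'points', 'transform', 'opacity', 'fill-opacity', 'stroke-opacity', 'id',
  'offset', 'stop-color', 'href', 'xlink:href']);
// Sticky regexes: one well-formed tag, one attribute, one of the five named entities.
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9:-]*)((?:\s+[^\s=\/>"']+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'=<>`]+))?)*)\s*(\/?)>/y;
const ATTR_RE = /\s+([^\s=\/>"']+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
const ENTITY_RE = /&(?:amp|lt|gt|quot|apos);/y;
// True only if `markup` is a single <svg> root made solely of allowed elements, allowed attributes
// and plain text. Any parse surprise (comment, CDATA, doctype, malformed tag) means "unsafe".
function isSafeSvgIcon(markup) {
  const stack = []; let sawRoot = false, i = 0;
  while (i < markup.length) {
    if (markup[i] === '<') {
      TAG_RE.lastIndex = i;
      const m = TAG_RE.exec(markup);
      if (!m) return false;
      const [, closing, rawName, attrs, selfClose] = m;
      const name = rawName.toLowerCase();
      if (!ALLOWED_TAGS.has(name)) return false; // script, foreignObject, img, a, ...
      if (closing) {
        if (attrs.trim() !== '' || selfClose || stack.pop() !== name) return false;
      } else {
        if (stack.length === 0 && (sawRoot || name !== 'svg')) return false; // exactly one <svg> root
        sawRoot = true;
        for (const a of attrs.matchAll(ATTR_RE)) {
          const attr = a[1].toLowerCase(), value = a[2] ?? a[3] ?? a[4] ?? '';
          if (!ALLOWED_ATTRS.has(attr)) return false; // every on* handler, style, ...
          if (attr.endsWith('href') && !/^#[\w-]+$/.test(value)) return false; // local refs only
        }
        if (!selfClose) stack.push(name);
      }
      i = TAG_RE.lastIndex;
    } else if (markup[i] === '&') {
      ENTITY_RE.lastIndex = i;
      if (!ENTITY_RE.exec(markup)) return false; // no numeric or unknown entities
      i = ENTITY_RE.lastIndex;
    } else i += 1;
  }
  return sawRoot && stack.length === 0;
}
// Constructed fallback rendered whenever the stored icon fails validation.
const FALLBACK_ICON = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><circle cx="12" cy="12" r="10" fill="none" stroke="currentColor" stroke-width="2"/></svg>';
function safeRatingIcon(customSvg) {
  return typeof customSvg === 'string' && isSafeSvgIcon(customSvg) ? customSvg : FALLBACK_ICON;
}
```

Rejecting rather than rewriting keeps the logic small and auditable: comments, CDATA, numeric entities, `style`, `foreignObject`, every `on*` attribute and any non-fragment `href` all fail validation. The preview should bind the string returned by safeRatingIcon, never the raw customIcon.svg value, to the innerHTML directive.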
Credits & Disclosure
CVE-2026-28445 was assigned during coordinated disclosure based on GitHub Security Advisory GHSA-6m7c-xfhp-p9fh.