{"vulnerability": "cve-2026-48768", "sightings": [{"uuid": "843b6ed7-1e89-4a55-8fa3-19db8c317090", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48768", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mojjj35nrc2t", "content": "CRITICAL alert: Path traversal in typebot.io \u22643.16.1 lets attackers upload files to public paths, risking stored XSS. Update to 3.17.0 now! https://radar.offseq.com/threat/cve-2026-48768-cwe-22-improper-limitation-of-a-pat-bab741214d20a19d #OffSeq #CVE202648768 #Security", "creation_timestamp": "2026-06-18T00:00:44.995882Z"}, {"uuid": "ee002f14-9a62-4965-a3e3-918b43fe2c89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48768", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mojpsuhhbw2z", "content": "CVE-2026-48768 - TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName\nCVE ID : CVE-2026-48768\n \n Published : June 17, 2026, 11:13 p.m. | 2\u00a0hours, 28\u00a0minutes ago\n \n Description : TypeBot is a chatbot builder tool. In versions 3.16.1...", "creation_timestamp": "2026-06-18T01:53:35.629006Z"}, {"uuid": "79f4e9af-11b9-4be1-ab51-61cf0b7d56bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48768", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3monjhbwh4p2c", "content": "CVE-2026-48768 - Critical XSS in Typebot. Unauthenticated file upload to arbitrary S3 paths. Malicious HTML/SVG/JS can be injected into other tenants' results. CVSS 9.3. No patch available. Disable file input blocks immediately. #CVE #Typeb...\n\nhttps://www.valtersit.com/cve/CVE-2026-48768/", "creation_timestamp": "2026-06-19T14:10:24.329546Z"}]}