A vulnerability identified as critical has been detected in baptisteArno typebot.io up to 3.15.x . Affected by this vulnerability is the function validateHttpReqUrl of the component HTTP Request Handler . The manipulation leads to server-side request forgery. This vulnerability is referenced as CVE-2026-39965 . Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.