CVE-2025-64709

Typebot · Multiple Products


Executive summary

A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in the Typebot open-source chatbot builder. This flaw allows authenticated users to force the server to make unauthorized requests to internal network resources, including the AWS metadata service, potentially leading to the theft of cloud credentials and complete compromise of the underlying Kubernetes cluster and associated cloud infrastructure.

Vulnerability

The vulnerability exists within the webhook block (HTTP Request component) of Typebot. An authenticated attacker can configure a webhook to send a crafted HTTP request to an arbitrary URL from the Typebot server. Specifically, an attacker can target the internal AWS Instance Metadata Service (IMDS) endpoint at 169.254.169.254. The vulnerability allows the injection of custom headers, which enables the bypass of IMDSv2 protections, allowing the attacker to first request a session token and then use that token to retrieve temporary IAM credentials associated with the server's EKS node role. Possession of these credentials grants the attacker significant privileges within the AWS environment, potentially leading to full control over the Kubernetes cluster and other connected cloud resources.

Business impact

This vulnerability is rated as critical with a CVSS score of 9.6, reflecting the high potential for catastrophic impact. Successful exploitation could lead to a complete compromise of the organization's cloud environment. Key risks include unauthorized access to and exfiltration of all data processed by the application and stored in the cloud, deployment of malicious software such as ransomware or cryptominers, service disruption or complete shutdown of production environments, and significant financial and reputational damage. The ability to gain control over the Kubernetes cluster allows for lateral movement and further attacks against the organization's infrastructure.

Remediation

Immediate Action: Upgrade all instances of Typebot to version 3.13.1 or later, which contains the patch for this vulnerability. After patching, review application access logs and cloud audit logs (e.g., AWS CloudTrail) for any signs of compromise or unauthorized activity originating from the IAM role of the node on which Typebot runs.

Proactive Monitoring:

  • Monitor outbound network traffic from Typebot servers/containers for any requests targeting the AWS IMDS endpoint (169.254.169.254).
  • Implement alerting for any unusual or unexpected API calls made using the IAM role associated with the EKS nodes where Typebot is running.
  • Regularly audit Typebot webhook configurations for any suspicious URLs pointing to internal or reserved IP addresses.
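The audit the last bullet describes, as an added example that is not Typebot's own code: each configured webhook URL is rejected if its host is, or resolves to, a non-global address such as the IMDS endpoint; the injectable resolver and the sample DNS table are assumptions so the check runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added example (not Typebot's own code): audit a webhook destination for SSRF risk by
# refusing any URL whose host is, or resolves to, a non-global address such as IMDS.

def live_resolver(host):
    """All A/AAAA answers for host from the system resolver (needs network)."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def static_resolver(table):
    """Offline resolver built from a {host: [ip, ...]} table (tests and dry runs)."""
    def resolve(host):
        if host not in table:
            raise socket.gaierror(f"no entry for {host}")
        return table[host]
    return resolve

def audit_webhook_url(url, resolve=live_resolver):
    """Return (ok, reason): ok only if every address behind the URL is globally routable."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = [ipaddress.ip_address(host)]          # literal IPv4 or [IPv6] host
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        except (OSError, ValueError) as exc:
            return False, f"unresolvable host {host!r}: {exc}"
    for addr in addrs:
        # ::ffff:169.254.169.254 is IMDS in disguise: judge the embedded IPv4 form
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        if not addr.is_global:                         # link-local, private, loopback, ...
            return False, f"{host} -> {addr} is not globally routable"
    return True, "ok"

# Constructed sample data: an offline DNS table and webhook URLs to audit.
SAMPLE_DNS = static_resolver({"crm.example.com": ["8.8.8.8"],
                              "cdn.example.net": ["8.8.8.8", "10.0.0.5"]})
SAMPLE_URLS = ["https://crm.example.com/hook", "http://169.254.169.254/",
               "http://[::ffff:169.254.169.254]/", "https://cdn.example.net/x"]

def audit_all(urls=SAMPLE_URLS, resolve=SAMPLE_DNS):
    """Return {url: reason} for every URL that fails the audit."""
    return {u: r for u in urls for ok, r in [audit_webhook_url(u, resolve)] if not ok}
```

A check at configuration time does not replace one at request time, since DNS answers can change between the two.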

Compensating Controls:

  • If immediate patching is not feasible, implement strict network egress policies on the Typebot pods/servers to block all traffic to 169.254.169.254.
  • Review the IAM role attached to the EKS nodes and apply the principle of least privilege, ensuring it has only the absolute minimum permissions required to function.
  • If the webhook feature is not in use, disable it entirely through application configuration to remove the attack vector.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical severity (CVSS 9.6) and the potential for complete infrastructure compromise, this vulnerability requires immediate attention. Organizations must prioritize applying the patch to upgrade all affected Typebot instances to version 3.13.1 or later. While this CVE is not currently listed on the CISA KEV catalog, its impact is severe enough to be treated with the highest urgency. In addition to patching, it is strongly recommended to implement compensating controls, such as network egress filtering, as a defense-in-depth measure to protect against this and similar SSRF vulnerabilities in the future.