{"vulnerability": "cve-2026-3996", "sightings": [{"uuid": "4736ef4c-cfb9-4c36-a75c-a0092eb0f274", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39961", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj3mhw5dms2o", "content": "", "creation_timestamp": "2026-04-09T20:10:32.557660Z"}, {"uuid": "aae29c89-a18f-4f2e-b9fc-b2b4d289b771", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39962", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj3mnvcdk52q", "content": "", "creation_timestamp": "2026-04-09T20:13:52.847018Z"}, {"uuid": "7caa8467-b498-4389-8802-d6d60acd7b82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39966", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmhxe3r7ma2c", "content": "CVE-2026-39966 - TypeBot: Async filter() bypasses authorization, allowing IDOR in getLinkedTypebots and leaking cross-workspace bot definitions\nCVE ID : CVE-2026-39966\n \n Published : May 22, 2026, 6:12 p.m. | 2\u00a0hours, 7\u00a0minutes ago\n \n Description : TypeBot is a chatbot builder...", "creation_timestamp": "2026-05-22T22:12:46.910893Z"}, {"uuid": "d3b08dda-969a-4a2f-94ca-9a4eab110b22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39965", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmhxk3at6w2q", "content": "CVE-2026-39965 - TypeBot: SSRF via Open Redirect Bypass in HTTP Request and Code Blocks\nCVE ID : CVE-2026-39965\n \n Published : May 22, 2026, 5:27 p.m. | 2\u00a0hours, 52\u00a0minutes ago\n \n Description : TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Op...", "creation_timestamp": "2026-05-22T22:16:07.692498Z"}, {"uuid": "7f15e674-82a0-446c-a5c6-e2cee8d4d4d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39967", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmhym7gopi2q", "content": "CVE-2026-39967 - TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter\nCVE ID : CVE-2026-39967\n \n Published : May 22, 2026, 6:36 p.m. | 1\u00a0hour, 43\u00a0minutes ago\n \n Description : TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's th...", "creation_timestamp": "2026-05-22T22:35:12.991497Z"}, {"uuid": "cfc44ffc-2ad9-4029-91e7-96f54eb1de9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39968", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmhysg2wbj2n", "content": "CVE-2026-39968 - TypeBot: Cross-Workspace Credential Theft via Bot-Engine Preview Endpoint\nCVE ID : CVE-2026-39968\n \n Published : May 22, 2026, 6:26 p.m. | 1\u00a0hour, 53\u00a0minutes ago\n \n Description : TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA...", "creation_timestamp": "2026-05-22T22:38:41.203051Z"}, {"uuid": "b696c15b-c486-4f61-8fb1-92e0dcc80397", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39969", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmhzk5mgio2q", "content": "CVE-2026-39969 - TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification\nCVE ID : CVE-2026-39969\n \n Published : May 22, 2026, 6:43 p.m. | 1\u00a0hour, 36\u00a0minutes ago\n \n Description : TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API w...", "creation_timestamp": "2026-05-22T22:51:57.686611Z"}, {"uuid": "874d1c92-fb6e-4671-83f4-4cd16865ad70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-39963", "type": "published-proof-of-concept", "source": "https://github.com/s9y/Serendipity/security/advisories/GHSA-4m6c-649p-f6gf", "content": "", "creation_timestamp": "2026-04-13T22:15:38.000000Z"}, {"uuid": "205c4af4-5540-4762-ad67-2a5fedb5c043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39963", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjj2bnxkza2k", "content": "", "creation_timestamp": "2026-04-15T04:22:11.622470Z"}, {"uuid": "ea62bc3e-37bf-4c26-9b98-caf4826c937e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39962", "type": "seen", "source": "Telegram/HFSRmPQIuJm0mhlgKTjgnUZc9IKWtHrGIbUWbiDZawdQwcQ", "content": "", "creation_timestamp": "2026-04-09T19:22:33.000000Z"}]}