⚠️ CRITICAL: CVE-2026-48768 in typebot.io (≤3.16.1) allows unauthenticated path injection — attackers can upload HTML/JS to public paths, risking stored XSS. Upgrade to 3.17.0. https://radar.offseq.com/threat/cve-2026-48768-cwe-22-improper-limitation-of-a-pat-bab741214d20a19d #OffSeq #CVE202648768 #Infosec #PathTraversal