Detections
Analytics

CVE-2026-3749

medium

Description

A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 1.4.5.1 is able to resolve this issue. This patch is called 975e39e4dd527596987559f56c5f9f973f64eff7. It is recommended to upgrade the affected component.

References

https://vuldb.com/?submit.768030

https://vuldb.com/?id.349727

https://github.com/Bytedesk/bytedesk/issues/19#issue-3993480676

https://vuldb.com/?ctiid.349727

https://github.com/Bytedesk/bytedesk/releases/tag/v1.4.5.1

https://github.com/Bytedesk/bytedesk/issues/19#issuecomment-3976672845

https://github.com/Bytedesk/bytedesk/issues/19

https://github.com/Bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7

https://github.com/Bytedesk/bytedesk/

Details

Source: Mitre, NVD

Published: 2026-03-08

Updated: 2026-03-10

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00055