A security flaw has been discovered in Bytedesk up to 1.3.9. It affects the function uploadFile in the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java, part of the SVG File Handler component. Manipulation leads to unrestricted file upload. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.4.5.1 mitigates this issue; the patch is commit 975e39e4dd527596987559f56c5f9f973f64eff7. Upgrading the affected component is recommended. Note that the signature entries below cite that commit as their source and target files under modules/core and modules/ai, whose paths differ from the source-code/ path given above.
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3748.json"
[
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"119263892884504024833929955299481638240",
"247488366827430560660733224693109069440",
"64807556373159769613021316268551386418",
"129459010784434315299968034255102582954"
],
"threshold": 0.9
},
"source": "https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7",
"id": "CVE-2026-3748-169cd5ac",
"target": {
"file": "modules/core/src/main/java/com/bytedesk/core/upload/UploadRestService.java"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "239665538064221918822137323843569165916",
"length": 250.0
},
"source": "https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7",
"id": "CVE-2026-3748-24537a76",
"target": {
"file": "modules/core/src/main/java/com/bytedesk/core/upload/UploadRestService.java",
"function": "isAllowedFileType"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "122479377341404698454209492226130383620",
"length": 1079.0
},
"source": "https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7",
"id": "CVE-2026-3748-2fddebe4",
"target": {
"file": "modules/ai/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java",
"function": "getModels"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"274038167817269739131207143375726606964",
"231088674182546715214440626878168141466",
"125873938923490394089642852250377316645",
"305206919147638483988973742109998354758",
"78345020032677885389330333087139080724",
"102780520118596686145265438873401835287",
"234722997311563552250648405627910365183",
"287279851895798990821517797230125653745",
"328589660668664360804617660733196728334",
"70040389533810613799208026709645641419",
"333639715772249415968936304504393660204",
"158087350020528406775138451837588341100",
"183837220466426519624285819598675723263",
"104019709541608025677960492319484994012"
],
"threshold": 0.9
},
"source": "https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7",
"id": "CVE-2026-3748-54c16363",
"target": {
"file": "modules/ai/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "19921436927876736068494050971711185728",
"length": 1023.0
},
"source": "https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7",
"id": "CVE-2026-3748-5fa67ce2",
"target": {
"file": "modules/core/src/main/java/com/bytedesk/core/upload/UploadWatermarkService.java",
"function": "addWatermarkToFile"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "199547493046601588533582479412271002333",
"length": 1090.0
},
"source": "https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7",
"id": "CVE-2026-3748-89447cc3",
"target": {
"file": "modules/ai/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java",
"function": "getModels"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"203589188997127141095948672585207992725",
"114696107345083631801758220094929244250",
"209891379899148326042658624705396774473",
"116342920394568358751259379117266774298",
"320135416038356137198816000325158582317",
"21604643685053250782849494598537188832",
"216350037245142520546562321410812482476",
"251657247136955412479909462709689956813",
"262630381942392472317936648650591691368",
"174651757654670359278714893284972322002",
"13016079383742014185217329021251825353",
"313193673879648476719459992801270254961",
"25903308969803038406497555464056195516",
"97061705530168754845845356010207277137"
],
"threshold": 0.9
},
"source": "https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7",
"id": "CVE-2026-3748-c477634f",
"target": {
"file": "modules/ai/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"91531239111343626948824861013361867594",
"13776270294228748140273300992181390009",
"43944076098349688543184146968861096459",
"157248747990220267138675049458815892620",
"115164519778757848364246433931824468179",
"48287455467883954215612363703563314438",
"85313483198942733024534709682045456133",
"61558225104195809358661665699836886348",
"170831519060947719092601331960963560397",
"156308797133923102124206777091130054924",
"306916567731788930440819421927880012099",
"297280219140277933947748369003834378788",
"256893620812549740093853771663745055896",
"232333915628026910362258300751765583021",
"19838192663085677633605750891179649998",
"89642158519041895924720047357138772915",
"240991295446361655273235313926955381812",
"321539634159326482797297867005544426360",
"233381286014526026081628881322491281196",
"58642526832059463025041283448999132020",
"216366972440273404147856008377872110245",
"335263281755682455509273376548176320291",
"276906675863204598660328760227015549404",
"96183534715993008127948978082506030754",
"280168172524694546920664799190677743544",
"243113021181552490575877670941711522564",
"25596605800802220218374278483422329584",
"315379503460022792917243629004247083545",
"137474060323791373653697514445717820539",
"118133373157864696644403789764644910125",
"131276632878645129765559331338304942985",
"323321504602585294263320155603354281600",
"332685128588667323564395960332865718323"
],
"threshold": 0.9
},
"source": "https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7",
"id": "CVE-2026-3748-fea760c9",
"target": {
"file": "modules/core/src/main/java/com/bytedesk/core/upload/UploadWatermarkService.java"
}
}
]