CVE-2026-3749

Source
https://cve.org/CVERecord?id=CVE-2026-3749
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3749.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-3749
Published
2026-03-08T16:16:02.260Z
Modified
2026-04-02T13:53:11.197268Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A weakness has been identified in Bytedesk up to 1.3.9. It affects the function handleFileUpload in the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Manipulating it can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 1.4.5.1 resolves this issue. The patch is identified as 975e39e4dd527596987559f56c5f9f973f64eff7. It is recommended to upgrade the affected component.

Affected packages

Git / github.com/bytedesk/bytedesk

Affected ranges

Type
GIT
Repo
https://github.com/bytedesk/bytedesk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.5.1"
        }
    ]
}

Affected versions

v0.*
v0.8.3.1
v0.8.4
v0.8.4.1
v0.8.5.1
v0.8.6
v0.8.7
v0.8.7.1
v0.8.8
v0.8.8.2
v0.8.8.3
v0.8.8.6
v0.8.8.7
v0.8.9
v0.8.9.1
v0.8.9.2
v0.8.9.3
v0.9.0
v0.9.1
v0.9.1.1
v0.9.2
v0.9.2.2
v0.9.2.3
v0.9.2.4
v0.9.3
v0.9.3.1
v0.9.3.2
v0.9.4
v0.9.4.2
v0.9.4.3
v0.9.5
v0.9.5.1
v0.9.6
v0.9.6.1
v0.9.7
v0.9.8
v0.9.8.1
v0.9.8.2
v0.9.8.3
v0.9.8.4
v0.9.8.5
v0.9.8.5.1
v0.9.8.6
v0.9.9
v0.9.9.1
v0.9.9.2
v0.9.9.3
v1.*
v1.0.0
v1.0.0.1
v1.0.1
v1.0.1.1
v1.0.1.3
v1.0.1.4
v1.0.2
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.5
v1.1.6
v1.1.7
v1.2.0
v1.2.1
v1.2.5
v1.2.6
v1.3.0
v1.3.1
v1.3.5
v1.3.9
v1.4.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3749.json"