CVE-2026-3749
Bytedesk SVG File UploadRestService.java handleFileUpload unrestricted upload
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 1.4.5.1 is able to resolve this issue. This patch is called 975e39e4dd527596987559f56c5f9f973f64eff7. It is recommended to upgrade the affected component.
| CWE | CWE-434 CWE-284 |
| Vendor | n/a |
| Product | bytedesk |
| Published | Mar 8, 2026 |
| Last Updated | Mar 11, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a bytedesk
Be the first to know when new medium vulnerabilities affecting n/a bytedesk are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / Bytedesk
1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9
References
vuldb.com: https://vuldb.com/?id.349727 vuldb.com: https://vuldb.com/?ctiid.349727 vuldb.com: https://vuldb.com/?submit.768030 github.com: https://github.com/Bytedesk/bytedesk/issues/19 github.com: https://github.com/Bytedesk/bytedesk/issues/19#issuecomment-3976672845 github.com: https://github.com/Bytedesk/bytedesk/issues/19#issue-3993480676 github.com: https://github.com/Bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7 github.com: https://github.com/Bytedesk/bytedesk/releases/tag/v1.4.5.1 github.com: https://github.com/Bytedesk/bytedesk/
Credits
๐ ZAST.AI (VulDB User)