{"id":"CVE-2026-3748","details":"A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.4.5.1 is able to mitigate this issue. The patch is named 975e39e4dd527596987559f56c5f9f973f64eff7. Upgrading the affected component is recommended.","modified":"2026-04-02T13:53:11.176323Z","published":"2026-03-08T16:16:02.020Z","references":[{"type":"WEB","url":"https://github.com/Bytedesk/bytedesk/"},{"type":"ADVISORY","url":"https://vuldb.com/?id.349726"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.768028"},{"type":"ADVISORY","url":"https://github.com/Bytedesk/bytedesk/releases/tag/v1.4.5.1"},{"type":"REPORT","url":"https://github.com/Bytedesk/bytedesk/issues/18"},{"type":"REPORT","url":"https://github.com/Bytedesk/bytedesk/issues/18#issue-3993448721"},{"type":"REPORT","url":"https://github.com/Bytedesk/bytedesk/issues/18#issuecomment-3976672973"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.349726"},{"type":"FIX","url":"https://github.com/Bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bytedesk/bytedesk","events":[{"introduced":"0"},{"fixed":"11c935585a679cd1ff1970311d081131828b7e28"},{"fixed":"975e39e4dd527596987559f56c5f9f973f64eff7"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.4.5.1"}]}}],"versions":["v0.8.3.1","v0.8.4","v0.8.4.1","v0.8.5.1","v0.8.6","v0.8.7","v0.8.7.1","v0.8.8","v0.8.8.2","v0.8.8.3","v0.8.8.6","v0.8.8.7","v0.8.9","v0.8.9.1","v0.8.9.2","v0.8.9.3","v0.9.0","v0.9.1","v0.9.1.1","v0.9.2","v0.9.2.2","v0.9.2.3","v0.9.2.4","v0.9.3","v0.9.3.1","v0.9.3.2","v0.9.4","v0.9.4.2","v0.9.4.3","v0.9.5","v0.9.5.1","v0.9.6","v0.9.6.1","v0.9.7","v0.9.8","v0.9.8.1","v0.9.8.2","v0.9.8.3","v0.9.8.4","v0.9.8.5","v0.9.8.5.1","v0.9.8.6","v0.9.9","v0.9.9.1","v0.9.9.2","v0.9.9.3","v1.0.0","v1.0.0.1","v1.0.1","v1.0.1.1","v1.0.1.3","v1.0.1.4","v1.0.2","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.1.5","v1.1.6","v1.1.7","v1.2.0","v1.2.1","v1.2.5","v1.2.6","v1.3.0","v1.3.1","v1.3.5","v1.3.9","v1.4.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3748.json","vanir_signatures":[{"id":"CVE-2026-3748-169cd5ac","digest":{"threshold":0.9,"line_hashes":["119263892884504024833929955299481638240","247488366827430560660733224693109069440","64807556373159769613021316268551386418","129459010784434315299968034255102582954"]},"target":{"file":"modules/core/src/main/java/com/bytedesk/core/upload/UploadRestService.java"},"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"id":"CVE-2026-3748-24537a76","digest":{"function_hash":"239665538064221918822137323843569165916","length":250},"target":{"file":"modules/core/src/main/java/com/bytedesk/core/upload/UploadRestService.java","function":"isAllowedFileType"},"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"CVE-2026-3748-2fddebe4","digest":{"function_hash":"122479377341404698454209492226130383620","length":1079},"target":{"file":"modules/ai/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java","function":"getModels"},"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"CVE-2026-3748-54c16363","digest":{"threshold":0.9,"line_hashes":["274038167817269739131207143375726606964","231088674182546715214440626878168141466","125873938923490394089642852250377316645","305206919147638483988973742109998354758","78345020032677885389330333087139080724","102780520118596686145265438873401835287","234722997311563552250648405627910365183","287279851895798990821517797230125653745","328589660668664360804617660733196728334","70040389533810613799208026709645641419","333639715772249415968936304504393660204","158087350020528406775138451837588341100","183837220466426519624285819598675723263","104019709541608025677960492319484994012"]},"target":{"file":"modules/ai/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java"},"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"id":"CVE-2026-3748-5fa67ce2","digest":{"function_hash":"19921436927876736068494050971711185728","length":1023},"target":{"file":"modules/core/src/main/java/com/bytedesk/core/upload/UploadWatermarkService.java","function":"addWatermarkToFile"},"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"CVE-2026-3748-89447cc3","digest":{"function_hash":"199547493046601588533582479412271002333","length":1090},"target":{"file":"modules/ai/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java","function":"getModels"},"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"CVE-2026-3748-c477634f","digest":{"threshold":0.9,"line_hashes":["203589188997127141095948672585207992725","114696107345083631801758220094929244250","209891379899148326042658624705396774473","116342920394568358751259379117266774298","320135416038356137198816000325158582317","21604643685053250782849494598537188832","216350037245142520546562321410812482476","251657247136955412479909462709689956813","262630381942392472317936648650591691368","174651757654670359278714893284972322002","13016079383742014185217329021251825353","313193673879648476719459992801270254961","25903308969803038406497555464056195516","97061705530168754845845356010207277137"]},"target":{"file":"modules/ai/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java"},"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"id":"CVE-2026-3748-fea760c9","digest":{"threshold":0.9,"line_hashes":["91531239111343626948824861013361867594","13776270294228748140273300992181390009","43944076098349688543184146968861096459","157248747990220267138675049458815892620","115164519778757848364246433931824468179","48287455467883954215612363703563314438","85313483198942733024534709682045456133","61558225104195809358661665699836886348","170831519060947719092601331960963560397","156308797133923102124206777091130054924","306916567731788930440819421927880012099","297280219140277933947748369003834378788","256893620812549740093853771663745055896","232333915628026910362258300751765583021","19838192663085677633605750891179649998","89642158519041895924720047357138772915","240991295446361655273235313926955381812","321539634159326482797297867005544426360","233381286014526026081628881322491281196","58642526832059463025041283448999132020","216366972440273404147856008377872110245","335263281755682455509273376548176320291","276906675863204598660328760227015549404","96183534715993008127948978082506030754","280168172524694546920664799190677743544","243113021181552490575877670941711522564","25596605800802220218374278483422329584","315379503460022792917243629004247083545","137474060323791373653697514445717820539","118133373157864696644403789764644910125","131276632878645129765559331338304942985","323321504602585294263320155603354281600","332685128588667323564395960332865718323"]},"target":{"file":"modules/core/src/main/java/com/bytedesk/core/upload/UploadWatermarkService.java"},"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_type":"Line","deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}