{"id":"CVE-2026-3749","details":"A weakness has been identified in Bytedesk up to 1.3.9. It affects the function handleFileUpload in the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the SVG File Handler component. Manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 1.4.5.1 resolves this issue. The patch is identified as 975e39e4dd527596987559f56c5f9f973f64eff7. Upgrading the affected component is recommended.","modified":"2026-04-02T13:53:11.197268Z","published":"2026-03-08T16:16:02.260Z","references":[{"type":"WEB","url":"https://github.com/Bytedesk/bytedesk/"},{"type":"ADVISORY","url":"https://vuldb.com/?id.349727"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.768030"},{"type":"ADVISORY","url":"https://github.com/Bytedesk/bytedesk/releases/tag/v1.4.5.1"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.349727"},{"type":"FIX","url":"https://github.com/Bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7"},{"type":"EVIDENCE","url":"https://github.com/Bytedesk/bytedesk/issues/19#issue-3993480676"},{"type":"EVIDENCE","url":"https://github.com/Bytedesk/bytedesk/issues/19#issuecomment-3976672845"},{"type":"EVIDENCE","url":"https://github.com/Bytedesk/bytedesk/issues/19"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bytedesk/bytedesk","events":[{"introduced":"0"},{"fixed":"11c935585a679cd1ff1970311d081131828b7e28"},{"fixed":"975e39e4dd527596987559f56c5f9f973f64eff7"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.4.5.1"}]}}],"versions":["v0.8.3.1","v0.8.4","v0.8.4.1","v0.8.5.1","v0.8.6","v0.8.7","v0.8.7.1","v0.8.8","v0.8.8.2","v0.8.8.3","v0.8.8.6","v0.8.8.7","v0.8.9","v0.8.9.1","v0.8.9.2","v0.8.9.3","v0.9.0","v0.9.1","v0.9.1.1","v0.9.2","v0.9.2.2","v0.9.2.3","v0.9.2.4","v0.9.3","v0.9.3.1","v0.9.3.2","v0.9.4","v0
.9.4.2","v0.9.4.3","v0.9.5","v0.9.5.1","v0.9.6","v0.9.6.1","v0.9.7","v0.9.8","v0.9.8.1","v0.9.8.2","v0.9.8.3","v0.9.8.4","v0.9.8.5","v0.9.8.5.1","v0.9.8.6","v0.9.9","v0.9.9.1","v0.9.9.2","v0.9.9.3","v1.0.0","v1.0.0.1","v1.0.1","v1.0.1.1","v1.0.1.3","v1.0.1.4","v1.0.2","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.1.5","v1.1.6","v1.1.7","v1.2.0","v1.2.1","v1.2.5","v1.2.6","v1.3.0","v1.3.1","v1.3.5","v1.3.9","v1.4.5"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_version":"v1","target":{"file":"modules/core/src/main/java/com/bytedesk/core/upload/UploadRestService.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["119263892884504024833929955299481638240","247488366827430560660733224693109069440","64807556373159769613021316268551386418","129459010784434315299968034255102582954"]},"deprecated":false,"id":"CVE-2026-3749-169cd5ac"},{"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_version":"v1","target":{"file":"modules/core/src/main/java/com/bytedesk/core/upload/UploadRestService.java","function":"isAllowedFileType"},"signature_type":"Function","digest":{"length":250,"function_hash":"239665538064221918822137323843569165916"},"deprecated":false,"id":"CVE-2026-3749-24537a76"},{"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_version":"v1","target":{"file":"modules/ai/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java","function":"getModels"},"signature_type":"Function","digest":{"length":1079,"function_hash":"122479377341404698454209492226130383620"},"deprecated":false,"id":"CVE-2026-3749-2fddebe4"},{"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_version":"v1","target":{"file":"modules/ai/src/main/java/com/bytedesk/ai/springai/providers/openrouter/Spr
ingAIOpenrouterRestService.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["274038167817269739131207143375726606964","231088674182546715214440626878168141466","125873938923490394089642852250377316645","305206919147638483988973742109998354758","78345020032677885389330333087139080724","102780520118596686145265438873401835287","234722997311563552250648405627910365183","287279851895798990821517797230125653745","328589660668664360804617660733196728334","70040389533810613799208026709645641419","333639715772249415968936304504393660204","158087350020528406775138451837588341100","183837220466426519624285819598675723263","104019709541608025677960492319484994012"]},"deprecated":false,"id":"CVE-2026-3749-54c16363"},{"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_version":"v1","target":{"file":"modules/core/src/main/java/com/bytedesk/core/upload/UploadWatermarkService.java","function":"addWatermarkToFile"},"signature_type":"Function","digest":{"length":1023,"function_hash":"19921436927876736068494050971711185728"},"deprecated":false,"id":"CVE-2026-3749-5fa67ce2"},{"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_version":"v1","target":{"file":"modules/ai/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java","function":"getModels"},"signature_type":"Function","digest":{"length":1090,"function_hash":"199547493046601588533582479412271002333"},"deprecated":false,"id":"CVE-2026-3749-89447cc3"},{"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_version":"v1","target":{"file":"modules/ai/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["203589188997127141095948672585207992725","114696107345083631801758220094929244250","20989137989914832604265862470
5396774473","116342920394568358751259379117266774298","320135416038356137198816000325158582317","21604643685053250782849494598537188832","216350037245142520546562321410812482476","251657247136955412479909462709689956813","262630381942392472317936648650591691368","174651757654670359278714893284972322002","13016079383742014185217329021251825353","313193673879648476719459992801270254961","25903308969803038406497555464056195516","97061705530168754845845356010207277137"]},"deprecated":false,"id":"CVE-2026-3749-c477634f"},{"source":"https://github.com/bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7","signature_version":"v1","target":{"file":"modules/core/src/main/java/com/bytedesk/core/upload/UploadWatermarkService.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["91531239111343626948824861013361867594","13776270294228748140273300992181390009","43944076098349688543184146968861096459","157248747990220267138675049458815892620","115164519778757848364246433931824468179","48287455467883954215612363703563314438","85313483198942733024534709682045456133","61558225104195809358661665699836886348","170831519060947719092601331960963560397","156308797133923102124206777091130054924","306916567731788930440819421927880012099","297280219140277933947748369003834378788","256893620812549740093853771663745055896","232333915628026910362258300751765583021","19838192663085677633605750891179649998","89642158519041895924720047357138772915","240991295446361655273235313926955381812","321539634159326482797297867005544426360","233381286014526026081628881322491281196","58642526832059463025041283448999132020","216366972440273404147856008377872110245","335263281755682455509273376548176320291","276906675863204598660328760227015549404","96183534715993008127948978082506030754","280168172524694546920664799190677743544","243113021181552490575877670941711522564","25596605800802220218374278483422329584","315379503460022792917243629004247083545","1374740603237913736536975
14445717820539","118133373157864696644403789764644910125","131276632878645129765559331338304942985","323321504602585294263320155603354281600","332685128588667323564395960332865718323"]},"deprecated":false,"id":"CVE-2026-3749-fea760c9"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3749.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}