CVE-2026-3749

EUVD-2026-10252

08.03.2026, 16:16

A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 1.4.5.1 is able to resolve this issue. This patch is called 975e39e4dd527596987559f56c5f9f973f64eff7. It is recommended to upgrade the affected component.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDB	CNA	6.3 MEDIUM				CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References

https://github.com/Bytedesk/bytedesk/

https://github.com/Bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7

https://github.com/Bytedesk/bytedesk/issues/19

https://github.com/Bytedesk/bytedesk/issues/19#issue-3993480676

https://github.com/Bytedesk/bytedesk/issues/19#issuecomment-3976672845

https://github.com/Bytedesk/bytedesk/releases/tag/v1.4.5.1

https://vuldb.com/?ctiid.349727

https://vuldb.com/?id.349727

https://vuldb.com/?submit.768030