CVE-2026-3749

Exploit

EPSS 0.42%
Veröffentlicht 08.03.2026 16:02:14
Zuletzt bearbeitet 29.04.2026 01:00:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Bytedesk SVG File UploadRestService.java handleFileUpload unrestricted upload

A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 1.4.5.1 is able to resolve this issue. This patch is called 975e39e4dd527596987559f56c5f9f973f64eff7. It is recommended to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 12

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bytedesk ≫ Bytedesk Version < 1.4.5.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.336

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	2.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/Bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7

Patch

https://github.com/Bytedesk/bytedesk/releases/tag/v1.4.5.1

Release Notes

https://github.com/Bytedesk/bytedesk/

Product

https://vuldb.com/?id.349727

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.349727

VDB Entry

Permissions Required

https://vuldb.com/?submit.768030

Third Party Advisory

VDB Entry

https://github.com/Bytedesk/bytedesk/issues/19

Vendor Advisory

Exploit

https://github.com/Bytedesk/bytedesk/issues/19#issuecomment-3976672845

Vendor Advisory

Exploit

https://github.com/Bytedesk/bytedesk/issues/19#issue-3993480676

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-3749

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-3749

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-3749

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-3749