PT-2026-23954 · Bytedesk · Bytedesk
Zast.Ai · Published 2026-03-08 · Updated 2026-03-08 · CVE-2026-3748
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Bytedesk versions up to 1.3.9
Description
A security flaw exists in Bytedesk that allows for unrestricted file uploads. This issue is present in the SVG File Handler component, specifically within the uploadFile function located in the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java. Exploitation of this flaw is possible remotely, and an exploit has been publicly released.
Recommendations
Upgrade to Bytedesk version 1.4.5.1 to address this issue.
Exploit
Fix
Unrestricted File Upload
Improper Access Control
Related Identifiers
Affected Products
Bytedesk