PT-2026-23955 · Bytedesk · Bytedesk
Zast.Ai · Published 2026-03-08 · Updated 2026-03-08 · CVE-2026-3749
CVSS v3.1: 8.8 High | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Bytedesk versions through 1.3.9
Description
A weakness exists in Bytedesk that allows for unrestricted file uploads. The issue affects the handleFileUpload function within the SVG File Handler component, located at source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java. The issue can be exploited remotely. The exploit is publicly available.
Recommendations
Upgrade to version 1.4.5.1 to resolve this issue.
Exploit
Fix
Unrestricted File Upload
Improper Access Control
Related Identifiers
Affected Products
Bytedesk