CVE-2026-3748 | Bytedesk up to 1.3.9 SVG File UploadRestController.java uploadFile unrestricted upload (Issue 18)

Inserito da Angelo Barbosa | Mar 7, 2026 | CVE

A vulnerability was found in Bytedesk up to 1.3.9. It has been classified as critical. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload.

This vulnerability is known as CVE-2026-3748. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Upgrading the affected component is recommended.

CVE-2026-3748 | Bytedesk up to 1.3.9 SVG File UploadRestController.java uploadFile unrestricted upload (Issue 18)

Post correlati

CVE-2024-8126 | Advanced File Manager Plugin up to 5.2.8 on WordPress unrestricted upload

CVE-2024-5163 | TECNO com.transsion.carlcare 5.8.1.4 Setting permission

CVE-2024-7897 | Tosei Online Store Management System ネット店舗管理システム /cgi-bin/tosei_kikai.php command injection

CVE-2024-6433 | stitionai devika prior – path traversal