CVE-2026-3749 | Bytedesk up to 1.3.9 SVG File UploadRestService.java handleFileUpload unrestricted upload (Issue 19)

Inserito da Angelo Barbosa | Mar 7, 2026 | CVE

A vulnerability was found in Bytedesk up to 1.3.9. It has been declared as critical. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload.

This vulnerability is handled as CVE-2026-3749. The attack can be executed remotely. Additionally, an exploit exists.

It is recommended to upgrade the affected component.

CVE-2026-3749 | Bytedesk up to 1.3.9 SVG File UploadRestService.java handleFileUpload unrestricted upload (Issue 19)

Post correlati

CVE-2024-49377 | OctoPrint up to 1.10.2 cross site scripting (GHSA-xvxq-g8hw-fx4g)

CVE-2025-13352 | Mattermost up to 10.11.6 Plugin Bot Identity improper validation of specified type of input

CVE-2025-66287 | WebKitGTK Web Content buffer overflow

CVE-2024-25574 | Delta Electronics DIAEnergie prior 1.10.00.005 GetDIAE_usListParameters sql injection (icsa-24-074-12)