Vulnerabilities

CVE-2026-3749 - Bytedesk SVG File UploadRestService.java handleFileUpload unrestricted upload

2026-03-08 0 views admin

CVE ID :CVE-2026-3749 Published : March 8, 2026, 4:16 p.m. | 1 hour, 36 minutes ago Description :A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 1.4.5.1 is able to resolve this issue. This patch is called 975e39e4dd527596987559f56c5f9f973f64eff7. It is recommended to upgrade the affected component. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-3749

Severity

MEDIUM

Published

March 8, 2026

Affected Product: java

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-3749mediumjava

CVE-2026-3749 - Bytedesk SVG File UploadRestService.java handleFileUpload unrestricted upload

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-69647 - Apache GNU Binutils Denial-of-Service

CVE-2025-70238 - D-Link DIR-513 Stack Buffer Overflow Vulnerability

CVE-2025-69648 - Apache GNU Binutils Denial-of-Service Vulnerability

CVE-2025-70250 - D-Link DIR-513 Buffer Overflow Vulnerability

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting