Cyber Posture

CVE-2026-3789

MediumPublic PoC

Published: 09 March 2026

Published
09 March 2026
Modified
10 March 2026
KEV Added
Patch
CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0013 31.5th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl results in server-side request forgery. Remote exploitation of the attack is…

more

possible. The exploit is now public and may be used. Upgrading to version 1.4.5.4 is able to address this issue. The patch is named 975e39e4dd527596987559f56c5f9f973f64eff7. Upgrading the affected component is advised.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents SSRF exploitation by validating the apiUrl argument in the getModels function of SpringAIGiteeRestService to restrict it to trusted endpoints.

SI-2 Flaw Remediation good match
prevent

Requires timely flaw remediation through upgrading Bytedesk to version 1.4.5.4, which patches the SSRF vulnerability via commit 975e39e4dd527596987559f56c5f9f973f64eff7.

SC-7 Boundary Protection partial match
preventdetect

Mitigates SSRF by monitoring and controlling communications at system boundaries to block or detect unauthorized outbound requests triggered by the apiUrl manipulation.

Security SummaryAI

CVE-2026-3789 is a server-side request forgery (SSRF) vulnerability, classified as CWE-918, affecting Bytedesk versions up to 1.3.9. The flaw exists in the getModels function of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java within the SpringAIGiteeRestController component. Published on 2026-03-09, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

The vulnerability enables remote exploitation through manipulation of the apiUrl argument. Low-privileged remote attackers (PR:L) can trigger SSRF without user interaction, potentially achieving low-level impacts on confidentiality, integrity, and availability.

Advisories recommend upgrading to Bytedesk version 1.4.5.4, which resolves the issue via patch commit 975e39e4dd527596987559f56c5f9f973f64eff7. Upgrading the affected component is advised, as the exploit is now public and may be used.

The vulnerable component relates to Bytedesk's AI integration using SpringAI and the Gitee provider, with details available in the project's GitHub repository, including issues #21 and the referenced commit.

Details

CWE(s)
CWE-918

Affected Products

bytedesk
bytedesk
≤ 1.4.5.4

AI Security AnalysisAI

AI Category
Other AI Platforms
Risk Domain
N/A
OWASP Top 10 for LLMs 2025
None mapped
MITRE ATLAS Techniques
None mapped
Classification Reason
Matched keywords: ai

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

SSRF vulnerability in public-facing Bytedesk web application (SpringAIGiteeRestController) directly enables exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References