CVE-2026-3789 | Bytedesk up to 1.3.9 SpringAIGiteeRestController SpringAIGiteeRestService.java getModels apiUrl server-side request forgery (Issue 21)

SecurityVulns

A vulnerability was found in Bytedesk up to 1.3.9 and has been rated as critical. It affects the function getModels in the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Manipulating the argument apiUrl leads to server-side request forgery.

This vulnerability is known as CVE-2026-3789. The attack can be carried out remotely, and an exploit is available.

Upgrading the affected component is advised.
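A server-side check of the kind that keeps a request parameter like apiUrl from steering the server's outbound request to arbitrary hosts. This is an added example, not Bytedesk's code or its fix; the class ApiUrlGuard, the method requireSafe and the host api.provider.example are hypothetical.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;
// Added example: hypothetical guard for a caller-supplied URL such as apiUrl.
public final class ApiUrlGuard {
    // Assumption: the operator knows which provider hosts are legitimate (constructed value).
    private static final Set<String> ALLOWED_HOSTS = Set.of("api.provider.example");
    /** Returns the parsed URI if it may be fetched, otherwise throws. */
    public static URI requireSafe(String apiUrl) throws UnknownHostException {
        if (apiUrl == null) throw new IllegalArgumentException("apiUrl is required");
        URI uri = URI.create(apiUrl.trim()).normalize();
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("only https is allowed");
        }
        if (uri.getHost() == null || uri.getRawUserInfo() != null) {
            throw new IllegalArgumentException("missing host or embedded credentials");
        }
        String host = uri.getHost().toLowerCase(Locale.ROOT);
        if (!ALLOWED_HOSTS.contains(host)) {
            throw new IllegalArgumentException("host not on allowlist: " + host);
        }
        // Defence in depth: an allowlisted name must not resolve to an internal address.
        for (InetAddress addr : InetAddress.getAllByName(host)) {
            if (isInternal(addr)) {
                throw new IllegalArgumentException("host resolves to an internal address");
            }
        }
        return uri;
    }

    static boolean isInternal(InetAddress a) {
        // fc00::/7 (IPv6 unique local) is not covered by the built-in predicates.
        boolean uniqueLocalV6 = a.getAddress().length == 16 && (a.getAddress()[0] & 0xfe) == 0xfc;
        return a.isLoopbackAddress() || a.isAnyLocalAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress() || uniqueLocalV6;
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs; each one is rejected before any DNS lookup happens.
        for (String u : new String[] {"http://api.provider.example/v1/models",
                "https://127.0.0.1:8080/", "https://user@api.provider.example/"}) {
            try {
                System.out.println("allowed  " + requireSafe(u));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + u + ": " + e.getMessage());
            }
        }
    }
}
```

The resolution check only holds if the HTTP client connects to the address that was validated and does not follow redirects to other hosts.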