CVE-2026-3788
Published: 09 March 2026
Summary
CVE-2026-3788 is a medium-severity SSRF (CWE-918) vulnerability in Bytedesk Bytedesk. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.
Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.
Validates server-side URLs and resource references to block SSRF attempts.
Detects server-side request forgery through monitoring of unexpected outbound connections.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF in public-facing web app (Bytedesk/SpringAI controller) directly enables exploitation via T1190 for unauthorized server-side requests.
NVD Description
A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Such manipulation of the argument apiUrl leads to server-side request forgery. The attack may be launched…
more
remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.4.5.4 will fix this issue. The name of the patch is 975e39e4dd527596987559f56c5f9f973f64eff7. It is recommended to upgrade the affected component.
Deeper analysisAI
CVE-2026-3788 is a server-side request forgery (SSRF) vulnerability affecting Bytedesk versions up to 1.3.9. The issue resides in the getModels function within the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java, part of the SpringAIOpenrouterRestController component. It allows manipulation of the apiUrl argument, enabling unauthorized requests from the server.
Attackers with low privileges (PR:L) can exploit this remotely (AV:N) with low complexity (AC:L) and no user interaction (UI:N), achieving low impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), for an overall CVSS v3.1 score of 6.3. The vulnerability is associated with CWE-918 and has been publicly disclosed with an exploit available for use.
Mitigation involves upgrading to Bytedesk version 1.4.5.4, which includes the patch commit 975e39e4dd527596987559f56c5f9f973f64eff7. GitHub references, including the Bytedesk repository, the patch commit, and related issues (#20 and comments), provide further details on the fix.
The vulnerability occurs in an AI-related component integrating with OpenRouter via Spring AI, highlighting potential risks in AI service integrations within open-source customer support platforms like Bytedesk. No real-world exploitation in the wild is reported.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai