CVE-2026-3789
Published: 09 March 2026
Summary
CVE-2026-3789 is a medium-severity SSRF (CWE-918) vulnerability in Bytedesk Bytedesk. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents SSRF exploitation by validating the apiUrl argument in the getModels function of SpringAIGiteeRestService to restrict it to trusted endpoints.
Requires timely flaw remediation through upgrading Bytedesk to version 1.4.5.4, which patches the SSRF vulnerability via commit 975e39e4dd527596987559f56c5f9f973f64eff7.
Mitigates SSRF by monitoring and controlling communications at system boundaries to block or detect unauthorized outbound requests triggered by the apiUrl manipulation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF vulnerability in public-facing Bytedesk web application (SpringAIGiteeRestController) directly enables exploitation of a public-facing application.
NVD Description
A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl results in server-side request forgery. Remote exploitation of the attack is…
more
possible. The exploit is now public and may be used. Upgrading to version 1.4.5.4 is able to address this issue. The patch is named 975e39e4dd527596987559f56c5f9f973f64eff7. Upgrading the affected component is advised.
Deeper analysisAI
CVE-2026-3789 is a server-side request forgery (SSRF) vulnerability, classified as CWE-918, affecting Bytedesk versions up to 1.3.9. The flaw exists in the getModels function of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java within the SpringAIGiteeRestController component. Published on 2026-03-09, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
The vulnerability enables remote exploitation through manipulation of the apiUrl argument. Low-privileged remote attackers (PR:L) can trigger SSRF without user interaction, potentially achieving low-level impacts on confidentiality, integrity, and availability.
Advisories recommend upgrading to Bytedesk version 1.4.5.4, which resolves the issue via patch commit 975e39e4dd527596987559f56c5f9f973f64eff7. Upgrading the affected component is advised, as the exploit is now public and may be used.
The vulnerable component relates to Bytedesk's AI integration using SpringAI and the Gitee provider, with details available in the project's GitHub repository, including issues #21 and the referenced commit.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai