CVE-2026-3788

6.3 MEDIUM

📋 TL;DR

CVE-2026-3788 is a server-side request forgery (SSRF) vulnerability in the SpringAIOpenrouterRestController component of Bytedesk. An attacker can manipulate the apiUrl parameter so that the server issues requests to internal systems on the attacker's behalf. All Bytedesk deployments up to version 1.3.9 are affected.

💻 Affected Systems

Products:
  • Bytedesk
Versions: up to 1.3.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the SpringAIOpenrouterRestController component specifically. Any deployment using this component is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of internal network services, data exfiltration, or lateral movement to critical systems via the vulnerable server as a proxy.

🟠 Likely Case

Unauthorized access to internal APIs, metadata services, or cloud instance metadata leading to credential theft and privilege escalation.

🟢 If Mitigated

Limited impact with proper network segmentation, but still potential for information disclosure about internal network structure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public exploit has been disclosed and requires minimal technical skill to use. Because the vulnerability sits in a REST controller, the affected endpoint is reachable over ordinary HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.5.4

Vendor Advisory: https://github.com/Bytedesk/bytedesk/commit/975e39e4dd527596987559f56c5f9f973f64eff7

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Upgrade Bytedesk to version 1.4.5.4 or later.
3. Restart the Bytedesk service.
4. Verify the patch is applied by checking for commit hash 975e39e4dd527596987559f56c5f9f973f64eff7.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict outbound network access from the Bytedesk server to only the external endpoints it needs.

Input Validation (applies to: all)

Implement strict validation of the apiUrl parameter so that only trusted domains are accepted.

🧯 If You Can't Patch

  • Implement strict network egress filtering to block requests to internal IP ranges and sensitive endpoints.
  • Deploy a web application firewall (WAF) with SSRF protection rules to block malicious apiUrl values.

🔍 How to Verify

Check if Vulnerable:

Check if Bytedesk version is 1.3.9 or earlier and if the SpringAIOpenrouterRestController component is enabled.

Check Version:

Check the Bytedesk application properties or admin interface for version information.

Verify Fix Applied:

Verify the installed version is 1.4.5.4 or later and check for commit hash 975e39e4dd527596987559f56c5f9f973f64eff7 in the codebase.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the Bytedesk server to internal IP addresses or unexpected domains
  • Multiple failed attempts to access restricted endpoints via the apiUrl parameter

Network Indicators:

  • HTTP requests from the Bytedesk server to internal network segments (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
  • Requests to cloud metadata endpoints (169.254.169.254 for AWS)

SIEM Query:

source_ip="bytedesk_server" AND (dest_ip IN (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) OR dest_ip="169.254.169.254")
