
CVE-2026-3788: Server-Side Request Forgery in Bytedesk

Severity: Medium
Tags: Vulnerability, CVE-2026-3788
Published: Sun Mar 08 2026 (03/08/2026, 23:32:08 UTC)
Source: CVE Database V5
Product: Bytedesk

Description

A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Such manipulation of the argument apiUrl leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.4.5.4 will fix this issue. The name of the patch is 975e39e4dd527596987559f56c5f9f973f64eff7. It is recommended to upgrade the affected component.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/16/2026, 09:25:42 UTC

Technical Analysis

CVE-2026-3788 is a server-side request forgery (SSRF) vulnerability identified in Bytedesk software versions 1.3.0 through 1.3.9. The vulnerability exists in the getModels method within the SpringAIOpenrouterRestService.java source file, part of the SpringAIOpenrouterRestController component. The root cause is insufficient validation or sanitization of the apiUrl parameter, which an attacker can manipulate to coerce the server into making arbitrary HTTP requests. This can allow attackers to reach internal resources, bypass firewall restrictions, or retrieve sensitive information from internal networks that are otherwise inaccessible externally. The vulnerability can be exploited remotely by a low-privileged user without any user interaction, which raises its risk profile. The CVSS 4.0 vector indicates a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The vulnerability was publicly disclosed on March 8, 2026, and a patch is available in version 1.4.5.4, identified by patch commit 975e39e4dd527596987559f56c5f9f973f64eff7. While no active exploitation has been reported, the public disclosure increases the risk of future attacks. The vulnerability highlights the importance of proper input validation in server-side components that handle external URLs or API endpoints.

Potential Impact

The SSRF vulnerability in Bytedesk could allow attackers to make unauthorized requests from the vulnerable server to internal or external systems. This can lead to several impacts: unauthorized access to internal network services that are not exposed externally, potentially exposing sensitive data or internal APIs; information disclosure if the attacker can retrieve internal metadata or configuration details; potential pivoting to other internal systems, leading to broader network compromise; disruption of service if the attacker causes the server to make malicious or resource-intensive requests; and undermined trust in the affected application. Organizations relying on Bytedesk for AI or chat services may face data confidentiality risks and operational disruptions. The medium CVSS score reflects that, while the vulnerability is exploitable remotely with only low privileges, the impact on confidentiality, integrity, and availability is rated low for each individually. Combined with other vulnerabilities or misconfigurations, however, the risk could escalate. Industries with sensitive internal networks or regulatory requirements for data protection are particularly at risk.

Mitigation Recommendations

To mitigate CVE-2026-3788, organizations should immediately upgrade Bytedesk to version 1.4.5.4 or later, which contains the official patch addressing the SSRF vulnerability. Beyond patching, implement strict input validation and sanitization on any parameters that accept URLs or external resource identifiers to prevent manipulation. Employ network segmentation and firewall rules to restrict the server's ability to make arbitrary outbound requests, limiting access to only trusted endpoints. Monitor and log outbound requests from the Bytedesk server to detect unusual or unauthorized access attempts. Use web application firewalls (WAFs) with SSRF detection capabilities to block suspicious payloads. Conduct regular security assessments and code reviews focusing on external input handling. If upgrading is temporarily not possible, consider disabling or restricting the vulnerable component or function. Educate developers and administrators about SSRF risks and secure coding practices to prevent similar issues in the future.
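The following is an added illustration of the "strict input validation" and "trusted endpoints only" recommendations above; it is not Bytedesk's code and not the 975e39e4 patch. It assumes a hypothetical helper class, OutboundUrlPolicy, that a Java service such as the one named in this advisory could call on an apiUrl value before handing it to any HTTP client: the URL must be https, must carry no userinfo, must name a host on a small allowlist (the single host here is an assumed configuration value), and must not use a non-standard port. A second, optional check refuses an allowlisted name that resolves to a loopback, link-local or site-local address.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;

/** Hypothetical allowlist policy for user-influenced outbound URLs (added example). */
public final class OutboundUrlPolicy {

    // Assumed configuration: the only upstream host this integration is allowed to call.
    private static final Set<String> ALLOWED_HOSTS = Set.of("openrouter.ai");

    private OutboundUrlPolicy() {}

    /** Returns the normalised URI when apiUrl passes every check; throws otherwise. */
    public static URI validate(String apiUrl) {
        if (apiUrl == null || apiUrl.isBlank()) {
            throw new IllegalArgumentException("apiUrl must not be empty");
        }
        final URI uri;
        try {
            uri = new URI(apiUrl).normalize();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("apiUrl is not a valid URI", e);
        }
        // Scheme pinning: no http://, file://, gopher:// or other scheme an HTTP client might honour.
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("apiUrl must use https");
        }
        // "user@host" forms are a classic way to confuse naive host checks; reject them outright.
        if (uri.getUserInfo() != null) {
            throw new IllegalArgumentException("userinfo in apiUrl is not allowed");
        }
        String host = uri.getHost();
        if (host == null) {
            throw new IllegalArgumentException("apiUrl has no parsable host");
        }
        host = host.toLowerCase(Locale.ROOT);
        // Allowlist, not denylist: anything not explicitly trusted is refused, IP literals included.
        if (!ALLOWED_HOSTS.contains(host)) {
            throw new IllegalArgumentException("host not in allowlist: " + host);
        }
        if (uri.getPort() != -1 && uri.getPort() != 443) {
            throw new IllegalArgumentException("non-standard port not allowed: " + uri.getPort());
        }
        return uri;
    }

    /**
     * Defence in depth: refuse an allowlisted name whose DNS answer is a non-public address.
     * Not a complete defence against DNS rebinding, since the HTTP client resolves again later.
     */
    public static void assertResolvesToPublicAddress(String host) throws UnknownHostException {
        for (InetAddress addr : InetAddress.getAllByName(host)) {
            if (addr.isLoopbackAddress() || addr.isSiteLocalAddress() || addr.isLinkLocalAddress()
                    || addr.isAnyLocalAddress() || addr.isMulticastAddress()) {
                throw new IllegalArgumentException("host resolves to a non-public address: " + addr);
            }
        }
    }

    // Constructed sample inputs; the first is the only one the policy should accept.
    public static void main(String[] args) {
        String[] samples = {
            "https://openrouter.ai/api/v1",
            "http://openrouter.ai/api/v1",
            "https://127.0.0.1/api/v1",
            "https://10.0.0.5/api/v1",
            "https://openrouter.ai@10.0.0.5/api/v1",
            "https://openrouter.ai:8443/api/v1",
        };
        for (String s : samples) {
            try {
                System.out.println("ACCEPT " + validate(s));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT " + s + " -> " + e.getMessage());
            }
        }
    }
}
```

The order of checks matters: scheme and userinfo are rejected before the host is even compared, so a value such as `https://openrouter.ai@10.0.0.5/` cannot pass on the strength of the allowlisted string appearing inside it. The allowlist is deliberately a set of exact hostnames rather than a pattern, because substring or prefix matching is how many SSRF filters are bypassed. The resolution check narrows the window between validation and connection but does not close it; where the HTTP client allows it, resolving once and connecting to the validated address is the stronger control, and egress firewall rules on the host remain the backstop the text recommends.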


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2026-03-08T07:20:23.877Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69ae0bcb2904315ca302ed58

Added to database: 3/8/2026, 11:52:43 PM

Last enriched: 3/16/2026, 9:25:42 AM

Last updated: 4/28/2026, 3:31:32 AM

