CVE-2026-3725

Name of the Vulnerable Software and Affected Versions 1024-lab/lab1024 SmartAdmin versions up to 3.29

Description A flaw exists in the freemarkerResolverContent function within the FreeMarker Template Handler component, specifically in the file sa-base/src/main/java/net/lab1024/sa/base/module/support/mail/MailService.java. Manipulation of the template content argument can lead to improper neutralization of special elements used in a template engine, allowing for remote exploitation. The exploit has been published.

Recommendations Versions prior to 3.29 should be updated. As a temporary workaround, consider restricting the use of the freemarkerResolverContent function until a patch is available.