CVE-2026-3725

MEDIUM

1024-lab SmartAdmin <=3.29 - Code Injection

Title source: llm

Description

A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/mail/MailService.java of the component FreeMarker Template Handler. Executing a manipulation of the argument template_content can lead to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.349703

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.349703

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.766459

Various Sources exploit

https://www.notion.so/SmartAdmin-Server-Side-Template-Injection-SSTI-in-Email-Template-Rendering-310ea92a3c418087ac63ec8e5a061b62

Scores

CVSS v3 6.3

EPSS 0.0040

EPSS Percentile 31.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1336 CWE-791

Status published

Products (1)

lab1024/smartadmin < 3.29

Published Mar 08, 2026

Tracked Since Mar 08, 2026