5.3
SmartAdmin Template Engine Allows Remote Code Execution
CVE-2026-3725
Summary
The SmartAdmin application's template engine can be exploited by hackers to run malicious code on the server. This could allow an attacker to access sensitive information or take control of the server. We recommend updating to the latest version of SmartAdmin to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| lab1024 | smartadmin | <= 3.29 | – |
Original title
A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/suppor...
Original description
A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/mail/MailService.java of the component FreeMarker Template Handler. Executing a manipulation of the argument template_content can lead to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
| Source | CVSS version | Score |
|---|---|---|
| nvd | 2.0 | 6.5 |
| nvd | 3.1 | 6.3 |
| nvd | 4.0 | 5.3 |
Vulnerability type
CWE-791
CWE-1336
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026