Description
A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/mail/MailService.java of the component FreeMarker Template Handler. Executing a manipulation of the argument template_content can lead to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server‑Side Template Injection
Action: Assess Impact
AI Analysis

Impact

The flaw lies in the Freemarker template resolver within SmartAdmin’s mail service, where the template_content parameter is not properly neutralized. This can allow a specially crafted template to be processed by the Freemarker engine, leading to server‑side template injection. As a result, the attacker may be able to execute arbitrary FreeMarker expressions during email generation. The vulnerability can be triggered remotely through any input that reaches the template_content argument.

Affected Systems

The vulnerability affects SmartAdmin versions up to 3.29 distributed by 1024‑lab and lab1024. The affected component is the MailService.java within the FreeMarker Template Handler module. No public fix or patch has been released, and the vendor has not responded to the disclosure.

Risk and Exploitability

The CVSS base score is 5.3, indicating medium severity, and the EPSS probability is below 1 %, showing a low likelihood of widespread exploitation. Nevertheless, an exploit has already been published and can be triggered remotely, so the risk remains present. The vulnerability is not listed in the CISA KEV catalog, but the availability of an exploit in public repositories mandates that organizations assess the threat and implement mitigations.

Generated by OpenCVE AI on April 17, 2026 at 12:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest SmartAdmin release or vendor‑issued patch if it becomes available
  • Validate and sanitize the template_content input, allowing only a whitelist of safe expressions before processing by FreeMarker
  • Restrict remote access to the email rendering service, for example by firewall rules or application‑level authentication
  • Monitor logs for unexpected template rendering activity to detect potential exploitation attempts

Generated by OpenCVE AI on April 17, 2026 at 12:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:lab1024:smartadmin:*:*:*:*:*:*:*:*

Mon, 09 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared 1024-lab
1024-lab smartadmin
Lab1024
Lab1024 smartadmin
Vendors & Products 1024-lab
1024-lab smartadmin
Lab1024
Lab1024 smartadmin

Sun, 08 Mar 2026 09:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/mail/MailService.java of the component FreeMarker Template Handler. Executing a manipulation of the argument template_content can lead to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title 1024-lab/lab1024 SmartAdmin FreeMarker Template MailService.java freemarkerResolverContent special elements used in a template engine
Weaknesses CWE-1336
CWE-791
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

1024-lab Smartadmin
Lab1024 Smartadmin
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-11T15:32:45.478Z

Reserved: 2026-03-07T17:42:23.038Z

Link: CVE-2026-3725

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-03-08T09:16:18.397

Modified: 2026-03-13T15:35:08.210

Link: CVE-2026-3725

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T12:15:18Z

Weaknesses