CVE-2026-3725
Remote Template Injection in 1024-lab SmartAdmin FreeMarker Handler
Publication date: 2026-03-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lab1024 | smartadmin | up to 3.29 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1336 | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
| CWE-791 | The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3725 is a Server-Side Template Injection (SSTI) vulnerability found in 1024-lab SmartAdmin versions up to 3.29. It affects the FreeMarker Template Handler component, specifically the function freemarkerResolverContent in the MailService.java file.
The vulnerability occurs because the application improperly neutralizes special elements in the template engine when processing the template_content argument. An attacker who can manipulate the template_content field in the database can inject arbitrary FreeMarker expressions.
These injected expressions are executed on the server when the email is sent, enabling remote code execution with the privileges of the application server, which can lead to complete system compromise.
How can this vulnerability impact me?
This vulnerability allows remote attackers to execute arbitrary code on the server by injecting malicious template expressions into the email template_content field.
Exploitation can lead to a complete system compromise, including unauthorized access to sensitive data, modification or deletion of data, and disruption of system availability.
Because the attack can be launched remotely without authentication, it poses a significant risk to the confidentiality, integrity, and availability of the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Server-Side Template Injection (SSTI) via manipulation of the template_content field in the email template database table. Detection would involve monitoring or inspecting the contents of the t_mail_template database table for suspicious or unexpected FreeMarker expressions or template code injections.
Since the vulnerability is exploited remotely by injecting malicious template expressions, network detection could include monitoring for unusual or unexpected requests that attempt to modify email templates or trigger email sending with crafted template_content.
No specific detection commands or signatures are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or patches are available from the vendor, as they did not respond to the disclosure.
It is suggested to replace the affected component or product to mitigate the risk.
As an immediate step, restrict or monitor access to the functionality that allows modification of the template_content field to prevent unauthorized changes.
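The answers above describe the weakness (a stored template_content string handed to the FreeMarker engine as a template), a detection approach (inspecting t_mail_template rows for template syntax that should not be there) and a mitigation (restricting what can reach that field). The following Java example is added here to illustrate all three and is not SmartAdmin's code; it assumes FreeMarker 2.3.x on the classpath, and the class and method names (MailTemplateRendering, renderUnsafe, renderHardened, isPlainPlaceholderTemplate) are hypothetical. The unsafe method shows the pattern the advisory describes; the hardened method rejects anything beyond simple placeholders before rendering and configures the engine so that it refuses to instantiate its own command-execution utility classes.

```java
// Added illustration, not code from SmartAdmin: the unsafe pattern the advisory
// describes (stored template_content compiled as a full FreeMarker template)
// next to a hardened rendering path. Assumes FreeMarker 2.3.x on the classpath;
// class and method names here are hypothetical.
import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class MailTemplateRendering {

    // UNSAFE: whatever is stored in template_content is parsed and executed as a
    // template with default engine settings, so anyone who can write that row
    // controls what the engine does when the mail is sent.
    static String renderUnsafe(String templateContent, Map<String, Object> model)
            throws IOException, TemplateException {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        Template template = new Template("mail", new StringReader(templateContent), cfg);
        StringWriter out = new StringWriter();
        template.process(model, out);
        return out.toString();
    }

    // Stored mail content may only use plain placeholders such as ${userName}.
    private static final Pattern SIMPLE_PLACEHOLDER =
            Pattern.compile("\\$\\{[A-Za-z_][A-Za-z0-9_]*\\}");
    // Any other interpolation, directive, macro call or square-bracket syntax is rejected.
    private static final Pattern OTHER_TEMPLATE_SYNTAX =
            Pattern.compile("\\$\\{|#\\{|<#|</#|<@|</@|\\[#|\\[/#|\\[@|\\[/@");

    // Allowlist check: usable both before a template is saved and as a scan over
    // existing t_mail_template rows to flag content that is more than placeholders.
    static boolean isPlainPlaceholderTemplate(String templateContent) {
        String remainder = SIMPLE_PLACEHOLDER.matcher(templateContent).replaceAll("");
        return !OTHER_TEMPLATE_SYNTAX.matcher(remainder).find();
    }

    // HARDENED: reject anything beyond simple placeholders, then render with an
    // engine configuration that refuses to instantiate arbitrary classes.
    static String renderHardened(String templateContent, Map<String, Object> model)
            throws IOException, TemplateException {
        if (!isPlainPlaceholderTemplate(templateContent)) {
            throw new IllegalArgumentException("template_content contains disallowed template syntax");
        }
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        // Defense in depth: SAFER_RESOLVER blocks ?new on the engine's own
        // command-execution and object-construction utility classes.
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);
        // ?api is off by default; stated explicitly so a shared config cannot enable it.
        cfg.setAPIBuiltinEnabled(false);
        Template template = new Template("mail", new StringReader(templateContent), cfg);
        StringWriter out = new StringWriter();
        template.process(model, out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> model = new HashMap<>();
        model.put("userName", "alice");
        // Constructed sample rows standing in for t_mail_template.template_content.
        String legitimate = "Hello ${userName}, your report is ready.";
        String suspicious = "Hello <#assign x = 1>${userName}";
        System.out.println(renderHardened(legitimate, model));
        System.out.println(isPlainPlaceholderTemplate(legitimate));
        System.out.println(isPlainPlaceholderTemplate(suspicious));
    }
}
```

The allowlist check is the primary control: stored mail content is treated as text with named placeholders, not as a program, so a directive, a builtin call (anything after a `?` inside `${...}`) or a dotted expression is refused before the engine ever sees it. The SAFER_RESOLVER and `?api` settings only limit what a template can reach once it is being executed, which is why they are applied in addition to, not instead of, the check. Running `isPlainPlaceholderTemplate` over every existing row gives a first pass at the database inspection the detection answer describes; if legitimate templates need richer syntax, widen the allowlist deliberately rather than dropping it.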