{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-9498", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-05-25T09:53:00.451Z", "datePublished": "2026-05-25T20:00:18.474Z", "dateUpdated": "2026-05-28T15:44:33.709Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-25T20:00:18.474Z" }, "title": "Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine", "problemTypes": [ { "descriptions": [ { "type": "CWE", "cweId": "CWE-1336", "lang": "en", "description": "Improper Neutralization of Special Elements Used in a Template Engine" } ] }, { "descriptions": [ { "type": "CWE", "cweId": "CWE-791", "lang": "en", "description": "Incomplete Filtering of Special Elements" } ] } ], "affected": [ { "vendor": "Dromara", "product": "lamp-cloud", "versions": [ { "version": "5.6.0", "status": "affected" }, { "version": "5.6.1", "status": "affected" }, { "version": "5.6.2", "status": "affected" } ], "cpes": [ "cpe:2.3:a:dromara:lamp-cloud:*:*:*:*:*:*:*:*" ], "modules": [ "Message Template Handler" ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." } ], "metrics": [ { "cvssV4_0": { "version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM" } }, { "cvssV3_1": { "version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM" } }, { "cvssV3_0": { "version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM" } }, { "cvssV2_0": { "version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" } } ], "timeline": [ { "time": "2026-05-25T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed" }, { "time": "2026-05-25T02:00:00.000Z", "lang": "en", "value": "VulDB entry created" }, { "time": "2026-05-25T11:58:04.000Z", "lang": "en", "value": "VulDB entry last update" } ], "credits": [ { "lang": "en", "value": "Ku4D3 (VulDB User)", "type": "reporter" }, { "lang": "en", "value": "VulDB CNA Team", "type": "coordinator" } ], "references": [ { "url": "https://vuldb.com/vuln/365481", "name": "VDB-365481 | Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine", "tags": [ "vdb-entry", "technical-description" ] }, { "url": "https://vuldb.com/vuln/365481/cti", "name": "VDB-365481 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ] }, { "url": "https://vuldb.com/submit/814103", "name": "Submit #814103 | dromara lamp-cloud releases Injection", "tags": [ "third-party-advisory" ] }, { "url": "https://github.com/Ku4D3/bug_story/blob/main/report_02.md", "tags": [ "exploit" ] } ] }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-05-28T15:44:15.208040Z", "id": "CVE-2026-9498", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-28T15:44:33.709Z" } } ] } }