CVE-2026-9498 | Dromara lamp-cloud up to 5.6.2 Message Template GroovyClassLoader.parseClass DefMsgTemplate.content special elements used in a template engine

A vulnerability labeled as critical has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engine.

This vulnerability is referenced as CVE-2026-9498. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More