LOW
Dromara
CVE published 2026-05-25
CVE-2026-9498
A remote code execution vulnerability exists in Dromara lamp-cloud versions up to 5.6.2, specifically within the Message Template Handler component. The vulnerability stems from improper neutralization of special elements in the GroovyClassLoader.parseClass function when processing the DefMsgTemplate.content argument. An attacker with low privileges can exploit this template injection weakness remotely wi [truncated]