CVE-2026-8740 | Sanluan PublicCMS 5.202506.d templateResult API TemplateResultDirective.java execute templateContent special elements used in a template engine

A vulnerability was found in Sanluan PublicCMS 5.202506.d. It has been classified as critical. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent causes improper neutralization of special elements used in a template engine.

This vulnerability is tracked as CVE-2026-8740. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-8740 | Sanluan PublicCMS 5.202506.d templateResult API TemplateResultDirective.java execute templateContent special elements used in a template engine

Post correlati

CVE-2025-24416 | Adobe Commerce cross site scripting (apsb25-08)

CVE-2025-9083 | Ninja Forms Plugin up to 3.11.0 on WordPress deserialization

CVE-2025-53477 | Apache NimBLE 1.7.0/1.8.0 Host HCI Layer null pointer dereference

CVE-2024-45617 | libopensc uninitialized pointer