Sanluan PublicCMS 6.202506.d FTL View Improper Neutralization
CVE-2026-5987 Published on April 9, 2026

Sanluan PublicCMS FreeMarker Template Handler: AbstractFreemarkerView.doRender in AbstractFreemarkerView.java, special elements used in a template engine
A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. It affects the function AbstractFreemarkerView.doRender in the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java, part of the FreeMarker Template Handler component. Manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

NVD

Timeline

Advisory disclosed

VulDB entry created

VulDB entry last update

Weakness Types

CWE-1336

Incomplete Filtering of Special Elements

The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.


Products Associated with CVE-2026-5987


Affected Versions

Sanluan PublicCMS:

Exploit Probability

EPSS
0.04%
Percentile
12.89%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.