A vulnerability labeled as critical has been found in Dromara lamp-cloud up to 5.6.2 . Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler . Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engine. This vulnerability is referenced as CVE-2026-9498 . It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this