CVE-2026-42212

Published: Mag 09, 2026 Last Modified: Mag 09, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

AI Translation Available

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory (naming convention: foo.gpp to foo.vmid). The VMID parser called XDocument.Load(path) without any XmlReaderSettings, inheriting the framework defaults which in .NET 8 allow DTD processing. A malicious .vmid file could therefore: disclose local files via external entity references, exhaust memory via recursive entity expansion, and cause denial of service via oversized or deeply nested XML. This issue has been patched in version 1.0.2.

400

Uncontrolled Resource Consumption

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Access Control Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other) Bypass Protection Mechanism Other
Applicable Platforms
Technologies: AI/ML, Not Technology-Specific
Likelihood of Exploit: High
View CWE Details
611

Improper Restriction of XML External Entity Reference

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability
Potential Impacts:
Read Application Data Read Files Or Directories Bypass Protection Mechanism Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory)
Applicable Platforms
Languages: Not Language-Specific, XML
Technologies: Not Technology-Specific, Web Based
View CWE Details
776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Resource Consumption (Other)
Applicable Platforms
Languages: Not Language-Specific, XML
Likelihood of Exploit: Medium
View CWE Details
https://github.com/anzory/SolidCAM-GPPL-IDE/blob/master/CHA…
https://github.com/anzory/SolidCAM-GPPL-IDE/blob/master/CHANGELOG.md#102--2026-…
https://github.com/anzory/SolidCAM-GPPL-IDE/commit/9d0ba808…
https://github.com/anzory/SolidCAM-GPPL-IDE/commit/9d0ba808afd143ede448026a5dc6…
https://github.com/anzory/SolidCAM-GPPL-IDE/releases/tag/v1…
https://github.com/anzory/SolidCAM-GPPL-IDE/releases/tag/v1.0.2
https://github.com/anzory/SolidCAM-GPPL-IDE/security/adviso…
https://github.com/anzory/SolidCAM-GPPL-IDE/security/advisories/GHSA-92vg-f4fq-…