XML Processing Vulnerability in SolidCAM-GPPL-IDE by Anzory
CVE-2026-42212

7.1 HIGH

Key Information:

Vendor: Anzory
CVE Published: 8 May 2026

What is CVE-2026-42212?

The SolidCAM-GPPL-IDE extension is vulnerable to XML External Entity (XXE) processing because of improper handling of .vmid files. When a user opens a .gpp file, the associated .vmid file is parsed without adequate security settings. An attacker could use external entity references in that file to access sensitive local files, or cause denial of service through memory exhaustion and oversized XML payloads. The vulnerability is addressed in version 1.0.2, which implements safer parsing practices.
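One way to screen a .vmid file before it reaches an XML parser, as an added example (not the extension's own code or its 1.0.2 fix): it refuses oversized input and any DTD, which is where entities are declared. The use of JavaScript (Node.js), the size cap, the function names and the sample documents are all assumptions.

```javascript
// Added example: pre-parse guard for .vmid content. All names are hypothetical.
// Assumed cap; a caller should also compare the stat() size before reading.
const MAX_VMID_BYTES = 1024 * 1024;

// Decode the bytes the way an XML parser would detect them, so a UTF-16 file
// cannot hide "<!DOCTYPE" from a scan that assumes UTF-8. Only UTF-8 and
// UTF-16 are handled; other encodings are assumed to be rejected elsewhere.
function decodeXml(buf) {
  const b = Buffer.from(buf); // copy, so swap16 never mutates the caller's data
  const le = (b[0] === 0xff && b[1] === 0xfe) || (b[0] === 0x3c && b[1] === 0x00);
  const be = (b[0] === 0xfe && b[1] === 0xff) || (b[0] === 0x00 && b[1] === 0x3c);
  if (le) return b.toString('utf16le');
  if (be) return b.subarray(0, b.length & ~1).swap16().toString('utf16le');
  return b.toString('utf8');
}

// Returns { ok, reason } and, when ok, the decoded text to hand to the parser.
function checkVmid(buf) {
  if (buf.length > MAX_VMID_BYTES) return { ok: false, reason: 'too-large' };
  const text = decodeXml(buf);
  // Entities, internal or external, can only be declared inside a DTD, so
  // refusing every DOCTYPE blocks entity file reads and entity expansion.
  // This fails closed: the string inside a comment or CDATA is refused too.
  if (/<!DOCTYPE/i.test(text)) return { ok: false, reason: 'doctype' };
  return { ok: true, reason: null, text };
}

// Constructed samples (not real .vmid files; the element names are invented).
const SAMPLE_PLAIN = '<?xml version="1.0"?><machine><axis name="X"/></machine>';
const SAMPLE_DTD = '<?xml version="1.0"?><!DOCTYPE m [<!ENTITY e "v">]><m>&e;</m>';
```

A guard like this complements, and does not replace, turning off DTD and entity processing in the parser itself.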

Affected Version(s)

SolidCAM-GPPL-IDE >= 1.0.0, < 1.0.2

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
