File Inclusion Vulnerability in SolidCAM-GPPL-IDE Extension by SolidCAM
CVE-2026-42213

5.1MEDIUM

Key Information:

Vendor

Anzory

Status
Solidcam-gppl-ide
Vendor
CVE Published:
8 May 2026

What is CVE-2026-42213?

The SolidCAM-GPPL-IDE extension, which serves as a postprocessor IDE for SolidCAM, contains a file inclusion vulnerability due to the misuse of the 'filename' directive in GPPL postprocessor files. This flaw allows the handler to resolve arbitrary paths, including absolute paths, relative paths with directory traversal, and UNC paths, leading to potential information disclosure and NTLM hash leakage. The issue affects versions 1.0.0 to 1.0.1 and was patched in version 1.0.2, enhancing the security of users against these vulnerability risks.

Affected Version(s)

SolidCAM-GPPL-IDE >= 1.0.0, < 1.0.2

References

https://github.com/anzory/SolidCAM-GPPL-IDE/security/advi...
x_refsource_CONFIRM
https://github.com/anzory/SolidCAM-GPPL-IDE/commit/9d0ba8...
x_refsource_MISC
https://github.com/anzory/SolidCAM-GPPL-IDE/releases/tag/...
x_refsource_MISC

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.