Skip to main content

Netgis

1 CVEs product

Monthly

CVE-2026-8396 HIGH PATCH This Week

Sensitive file and internal resource disclosure in Netcad Software NetGIS (versions 5.0.66 up to but not including 7.2.2) arises from an XML External Entity (XXE) flaw where the application resolves external entity references in serialized/XML data submitted by clients. Remote attackers can craft malicious XML payloads to read local files, exfiltrate data, or reach internal network resources on the server. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported by Turkey's national CERT (TR-CERT/USOM).

XXE Netgis
NVD
CVSS 3.1
7.5
CVSS 7.5
HIGH PATCH This Week

Sensitive file and internal resource disclosure in Netcad Software NetGIS (versions 5.0.66 up to but not including 7.2.2) arises from an XML External Entity (XXE) flaw where the application resolves external entity references in serialized/XML data submitted by clients. Remote attackers can craft malicious XML payloads to read local files, exfiltrate data, or reach internal network resources on the server. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported by Turkey's national CERT (TR-CERT/USOM).

XXE Netgis
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy