CVE-2026-8396 PUBLISHED

XXE in Netcad's NetGIS

Assigner: TR-CERT
Reserved: 12.05.2026 Published: 17.07.2026 Updated: 17.07.2026

Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking.

This issue affects NetGIS: from 5.0.66 before 7.2.2.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 7.5

Product Status

Vendor Netcad Software Inc.
Product NetGIS
Versions Default: unaffected
  • affected from 5.0.66 to 7.2.2 (excl.)

References

Problem Types

  • CWE-611 Improper restriction of XML external entity reference CWE

Impacts

  • CAPEC-201 Serialized Data External Linking