CVE-2026-42213
Received Received - Intake
Path Traversal in SolidCAM-GPPL-IDE

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: GitHub, Inc.

Description
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link (VS Code textDocument/documentLink). The handler accepted arbitrary paths β€” absolute, relative with parent-directory segments (..\..\..\), UNC (\\server\share\), and arbitrary subfolders β€” and called File.Exists on each to decide whether to render the link. Two distinct attack surfaces resulted: information disclosure via File.Exists probing and NTLM hash leak via UNC path probing. This issue has been patched in version 1.0.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-05-09
AI Q&A
2026-05-09
EPSS Evaluated
N/A
NVD
CVE-2026-42213
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
solidcam gppl_ide From 1.0.0 (inc) to 1.0.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-295 The product does not validate, or incorrectly validates, a certificate.
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists in SolidCAM-GPPL-IDE, an unofficial extension for SolidCAM, specifically in versions from 1.0.0 to before 1.0.2. The issue is with the "filename" directive in GPPL postprocessor files, which is handled by GpplDocumentLinkHandler to create clickable links in VS Code. This handler accepted arbitrary file paths, including absolute paths, relative paths with parent-directory segments, UNC paths, and arbitrary subfolders, and used File.Exists to check if the file exists before rendering the link.

Because the handler accepted arbitrary paths, two attack surfaces emerged: one allowing information disclosure through File.Exists probing, and another allowing NTLM hash leaks via UNC path probing. This means an attacker could potentially gather information about the file system or cause the system to leak NTLM hashes by exploiting how the handler processes these paths.

This vulnerability was fixed in version 1.0.2 of SolidCAM-GPPL-IDE.


How can this vulnerability impact me? :

This vulnerability can impact you by allowing an attacker to perform information disclosure through probing the file system using the File.Exists method. This could reveal the presence or absence of files or directories on your system.

Additionally, the vulnerability allows for NTLM hash leaks via UNC path probing. This means an attacker could potentially capture NTLM authentication hashes, which could be used in further attacks such as credential replay or lateral movement within a network.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been patched in SolidCAM-GPPL-IDE version 1.0.2. Immediate mitigation involves updating the software to version 1.0.2 or later.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart