CVE-2026-42213

Name of the Vulnerable Software and Affected Versions SolidCAM-GPPL-IDE versions 1.0.0 through 1.0.1

Description The GpplDocumentLinkHandler resolves the filename directive in GPPL postprocessor files into clickable links. The handler accepts arbitrary absolute, relative, UNC, and subfolder paths, calling File.Exists to determine if a link should be rendered. This allows for information disclosure through path probing and NTLM hash leaks via UNC path probing.

Recommendations Update to version 1.0.2.