Vendor
A critical XML External Entity (XXE) vulnerability, CVE-2026-8396, in Netcad Software Inc.'s NetGIS allows unauthenticated remote attackers to perform serialized data external linking, potentially leading to sensitive information disclosure or server-side request forgery.