{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/netcad-software-inc./feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-8396"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["NetGIS (5.0.66 through 7.2.1)"],"_cs_severities":["high"],"_cs_tags":["xxe","vulnerability","web-application","information-disclosure","cwe-611"],"_cs_type":"advisory","_cs_vendors":["Netcad Software Inc."],"content_html":"\u003cp\u003eAn improper restriction of XML external entity reference (XXE) vulnerability, tracked as CVE-2026-8396, has been identified in Netcad Software Inc.'s NetGIS application. This vulnerability affects versions from 5.0.66 up to, but not including, 7.2.2. The flaw allows for \u0026quot;Serialized Data External Linking,\u0026quot; where an attacker can supply specially crafted XML input that causes the application to parse and include external content, potentially from local files or remote servers. This can lead to sensitive information disclosure or server-side request forgery (SSRF), with a CVSS v3.1 base score of 7.5 (High). This vulnerability poses a significant risk to organizations using affected NetGIS versions, as it can allow unauthenticated access to internal system information.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a public-facing instance of Netcad NetGIS running an affected version (5.0.66 through 7.2.1).\u003c/li\u003e\n\u003cli\u003eThe attacker identifies application endpoints within NetGIS that accept XML input through HTTP requests.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious XML document that includes an external entity (XXE) declaration configured to retrieve sensitive content from the target system, such as \u003ccode\u003e/etc/passwd\u003c/code\u003e or system configuration files.\u003c/li\u003e\n\u003cli\u003eThe attacker sends this specially crafted XML document within an HTTP POST request to the vulnerable NetGIS endpoint.\u003c/li\u003e\n\u003cli\u003eThe NetGIS application's XML parser processes the input, and due to the improper restriction of XML external entity references (CWE-611), it resolves the declared external entity.\u003c/li\u003e\n\u003cli\u003eThe content of the specified local file or external resource is then fetched by the NetGIS application and embedded into the XML parser's output.\u003c/li\u003e\n\u003cli\u003eThe NetGIS application's response, which may include an error message or a processed XML document, inadvertently contains the sensitive data fetched by the external entity.\u003c/li\u003e\n\u003cli\u003eThe attacker receives and parses the application's response to extract the exfiltrated sensitive information, leading to data exposure.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-8396 can lead to the unauthorized disclosure of sensitive information from the underlying server or its internal network. Attackers can leverage this vulnerability to read arbitrary files on the system, potentially including configuration files, source code, or credentials, which could facilitate further compromise. While specific victim counts are not available, any organization utilizing vulnerable Netcad NetGIS versions could be at risk. The impact extends beyond simple data leakage, as XXE can sometimes be chained with other vulnerabilities to achieve remote code execution or used for network reconnaissance within the target's internal infrastructure by performing server-side request forgery.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-8396 immediately by upgrading Netcad NetGIS to version 7.2.2 or higher.\u003c/li\u003e\n\u003cli\u003eReview web server access logs and application logs for unusual HTTP POST requests containing XML content that may indicate attempts to exploit XML external entity vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-17T13:22:39Z","date_published":"2026-07-17T13:22:39Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-8396-netgis-xxe/","summary":"A critical XML External Entity (XXE) vulnerability, CVE-2026-8396, in Netcad Software Inc.'s NetGIS allows unauthenticated remote attackers to perform serialized data external linking, potentially leading to sensitive information disclosure or server-side request forgery.","title":"Improper Restriction of XML External Entity Reference in Netcad Software NetGIS (CVE-2026-8396)","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-8396-netgis-xxe/"}],"language":"en","title":"CraftedSignal Threat Feed - Netcad Software Inc.","version":"https://jsonfeed.org/version/1.1"}