Improper XML Input Handling in GRASSMARLIN by CISA
CVE-2026-6807
Key Information:
- Vendor
Nsa
- Status
- Vendor
- CVE Published:
- 28 April 2026
Badges
What is CVE-2026-6807?
A vulnerability exists in GRASSMARLIN v3.2.1 that arises from inadequate protection against the handling of XML input. Specifically, crafted session data can exploit this flaw, leading to the unintended exposure of sensitive information. The underlying issue is due to insufficient hardening in the XML parsing process, which can be manipulated to disclose data without proper authorization.
Affected Version(s)
GRASSMARLIN All versions
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
NSA's GrassMarlin Tool Carries Hidden Data Leak Flaw, CISA Warns Critical Infrastructure Operators
CISA spotlighted CVE-2026-6807, a data-theft flaw in NSA's legacy GrassMarlin OT tool, enabling XXE attacks via malicious XML sessions. No patches exist for the end-of-life software still used in SCADA environments.
CISA flags data-theft bug in NSA-built OT networking tool
: GrassMarlin leaks sensitive information, provided your targeting phishing skills are sharp enough
References
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
- π°
First article discovered by theregister
Vulnerability published
Vulnerability Reserved
