CVE-2026-6807
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NSA | GRASSMARLIN | All versions | affected |
Weaknesses
- CWE-611: CWE-611
Workarounds
NSA has indicated that the GRASSMARLIN project has reached end-of-life status as of 2017 and is no longer supported. The project is archived, and no patches or further updates are planned or expected.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-118-01
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-118-01.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.