CVE-2026-6807

Summary

A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process.

Affected Software

VendorProductVersion RangeStatus
NSAGRASSMARLINAll versionsaffected

Weaknesses

  • CWE-611: CWE-611

Workarounds

NSA has indicated that the GRASSMARLIN project has reached end-of-life status as of 2017 and is no longer supported. The project is archived, and no patches or further updates are planned or expected.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References