Medium severity5.5NVD Advisory· Published Apr 28, 2026· Updated Apr 28, 2026

CVE-2026-6807

Description

A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-118-01.jsonnvd
www.cisa.gov/news-events/ics-advisories/icsa-26-118-01nvd

News mentions

CISA flags data-theft bug in NSA-built OT networking tool
The Register Security · Apr 29, 2026
NSA GRASSMARLIN
CISA Alerts

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000