VYPR
Advisory · Published Apr 29, 2026 · Updated May 18, 2026 · 1 source

CISA Warns of Data-Theft XXE Vulnerability in NSA-Built OT Tool GrassMarlin

CISA has flagged CVE-2026-6807, an XXE vulnerability in the NSA-developed OT network tool GrassMarlin, which can leak sensitive data via crafted session files.

The Cybersecurity and Infrastructure Security Agency (CISA) is warning users of GrassMarlin, a network mapping tool originally developed by the National Security Agency (NSA) for operational technology (OT) environments, about a newly disclosed vulnerability that could allow attackers to exfiltrate sensitive information. Tracked as CVE-2026-6807 and assigned a CVSS score of 5.5, the flaw is an XML External Entity (XXE) injection vulnerability stemming from insufficient hardening of the XML parsing process: the parser that loads session files honors document type definitions and resolves the external entities they declare.

GrassMarlin was open-sourced by the NSA to help critical infrastructure organizations, industrial control systems (ICS), and SCADA network defenders visualize and analyze network topologies. The tool primarily uses XML to save session files, including node lists, edge data, positioning, colors, and metadata, all bundled into a .gm3 archive. The vulnerability, first reported by Grady DeRosa, a senior industrial pentester at Dragos, affects all versions of GrassMarlin.

Because GrassMarlin reached end-of-life (EOL) in 2017, no patches will be issued. CISA's advisory recommends that organizations ensure control systems and devices are not accessible from the open internet, that control system networks and devices are placed behind firewalls and isolated from business networks, and that any remote access is established securely. The agency did not provide detailed exploitation scenarios but noted that a successful exploit could lead to sensitive information disclosure.

Anna Quinn, a penetration tester at Rapid7, developed and published a public proof-of-concept (PoC) exploit on GitHub. Quinn explained that by embedding crafted XML in .gm3 session files, she could induce errors in GrassMarlin's message console. While the error output was stripped of the content that an error-based XXE would leak, out-of-band (OOB) exfiltration of arbitrary files was still possible by pointing the Document Type Definition (DTD) at an attacker-controlled external host.

Quinn noted several caveats: newer versions of Java could not be used, meaning GrassMarlin had to run with the Java version bundled in its installer. Additionally, many input types caused parser errors that impeded exfiltration, so file contents had to be base64 encoded and split across multiple message chunks. In a separate LinkedIn post, Quinn assessed that the bug poses limited threat to most organizations, as exploitation realistically requires phishing a user into opening a malicious session file, whether it comes from another local user or from an external email.

The vulnerability is classified under CWE-611 (Improper Restriction of XML External Entity Reference). An XXE attack works by getting a victim to parse an attacker-supplied XML document whose DTD declares entities that the parser then resolves from local files or remote URLs, leaking data into the parsed output, an error message, or an outbound request; here the carrier is a .gm3 session file. CISA did not define specific exploitation scenarios for CVE-2026-6807 beyond this general mechanism.

Given that GrassMarlin is no longer supported, the disclosure highlights the risks of relying on end-of-life tools still in use within critical infrastructure environments. Organizations relying on GrassMarlin are urged to migrate to supported alternatives and to implement network segmentation and secure remote access as primary mitigations. Until a migration is complete, .gm3 session files should be treated as untrusted input: open only files produced locally or received from a verified source, and block outbound connections from the analysis host so that the out-of-band DTD fetch the exploit depends on cannot reach an attacker's server.

Synthesized by Vypr AI