CVE DATABASE / CVE-2026-6807
CVE-2026-6807
CVSS 5.5 · MEDIUM
Summary
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process.
CVSS 3.1 breakdown
| Base score | 5.5 (MEDIUM) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | NONE |
| Availability | NONE |
Weakness type (CWE)
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
Our coverage
- PRC State-Sponsored Telecom Router Compromise Detection: CISA AA25-239a Breakdown
- NSA GRASSMARLIN CVE-2026-6807: XXE Flaw in End-of-Life OT Tool Has No Patch
References
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-118-01.json
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-118-01
Data: NIST NVD. NVD last modified 2026-04-28. Always verify against the vendor advisory before acting.