CVE-2026-6807 | THREATINT

Description

A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process.

PUBLISHED Reserved 2026-04-21 | Published 2026-04-28 | Updated 2026-04-29 | Assigner icscert

MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-611

Product status

Default status

unaffected

All versions

affected

Credits

Grady DeRosa reported this vulnerability to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-26-118-01

github.com/...p/csaf_files/OT/white/2026/icsa-26-118-01.json

cve.org (CVE-2026-6807)

nvd.nist.gov (CVE-2026-6807)

Download JSON