Description
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to
trigger improper handling of XML input, which may result in unintended
exposure of sensitive information. The flaw stems from insufficient
hardening of the XML parsing process.
Published: 2026-04-28
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in GRASSMARLIN v3.2.1 allows an attacker to craft session data that causes the XML parser to resolve external entity references, the weakness classified as CWE-611 (Improper Restriction of XML External Entity Reference). Because the parser is not hardened against DOCTYPE and entity declarations, a session document can declare an entity whose SYSTEM identifier names a local file or a URL, and the parser reads that resource when the entity is expanded and returns its contents as part of the document. The advisory limits the reported impact to disclosure of sensitive information, which matches the CVSS vector recorded for this record (C:H/I:N/A:N): confidentiality only, no integrity or availability impact.

Affected Systems

The affected system is the NSA GRASSMARLIN project, version 3.2.1. No additional versions or vendors are listed in the advisory.

Risk and Exploitability

The CVSS 3.1 base score is 5.5 (Medium), with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N: local attack vector, low attack complexity, low privileges required, no user interaction, high confidentiality impact and no integrity or availability impact. The EPSS score is below 1% (Very Low), and the vulnerability is not listed in CISA KEV. The local attack vector points to an attacker who can place or modify a session file that a GRASSMARLIN user then opens, not to a remote network interface; the SSVC assessment recorded in the history below rates exploitation 'none' and automatable 'no'. Because the project is end-of-life and no patch exists, the effective mitigations are to retire the application, to open only session files from trusted sources, or to rebuild from the archived source with DOCTYPE and external entity processing disabled in the parser.

Generated by OpenCVE AI on April 28, 2026 at 23:12 UTC.

Remediation

Vendor Workaround

NSA has indicated that the GRASSMARLIN project has reached end-of-life status as of 2017 and is no longer supported. The project is archived, and no patches or further updates are planned or expected.
OpenCVE Recommended Actions

  • Decommission GRASSMARLIN and migrate to a supported platform whose XML parser rejects DOCTYPE declarations and external entities by default.
  • If decommissioning is not immediately possible, rebuild the application from the archived source with the XML parser configured to disallow DOCTYPE declarations and to disable external general entities, external parameter entities and external DTD loading. No vendor patch will be supplied, so this is a self-maintained fork.
  • Treat session files as untrusted input: open only files from known sources, and flag any session file that contains a DOCTYPE or ENTITY declaration before it is loaded, since an XXE payload requires one. Given the local attack vector, monitoring access to session files on the host is more useful than watching network XML traffic.
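The following is an added example, not code from the GRASSMARLIN project, illustrating both the CWE-611 mechanism described under Impact and the parser hardening recommended above. GRASSMARLIN is a Java application, but this page does not say which XML API it uses for session data, so the use of JAXP DocumentBuilder here is an assumption. The session document, the secret file and the entity name "xxe" are constructed for the demo. The unhardened parser returns the secret file's contents as the element text; the hardened parser rejects the document as soon as it sees the DOCTYPE.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class XxeDemo {

    // Weak configuration: a stock JDK DocumentBuilderFactory processes DOCTYPE
    // declarations and expands external general entities, which is the
    // behaviour CWE-611 describes.
    static DocumentBuilder unhardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        return f.newDocumentBuilder();
    }

    // Hardened configuration: reject any DOCTYPE outright (sufficient on its own),
    // and as defence in depth also disable external entities, external DTD
    // loading, XInclude and entity expansion. Feature URIs are the standard
    // Xerces/SAX ones understood by the JDK's built-in parser.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f.newDocumentBuilder();
    }

    // Stand-in for "load a session file": parse the document and return the
    // text content of its root element.
    static String parseSession(DocumentBuilder b, String xml) throws SAXException, IOException {
        Document d = b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return d.getDocumentElement().getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Constructed secret that session data should never be able to read.
        Path secret = Files.createTempFile("xxe-demo-", ".txt");
        Files.writeString(secret, "SECRET-TOKEN-42");

        // Constructed malicious session document: the entity's SYSTEM identifier
        // names the secret file, and the entity is expanded inside <session>.
        String session =
            "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE session [<!ENTITY xxe SYSTEM \"" + secret.toUri() + "\">]>\n"
            + "<session>&xxe;</session>";

        // Unhardened: the element text is the secret file's contents.
        System.out.println("unhardened: " + parseSession(unhardenedBuilder(), session));

        // Hardened: disallow-doctype-decl makes the parser throw before any
        // entity is resolved; log this, since a DOCTYPE in session data is an
        // XXE indicator.
        try {
            parseSession(hardenedBuilder(), session);
            System.out.println("hardened: parsed (unexpected)");
        } catch (SAXException e) {
            System.out.println("hardened: rejected -> " + e.getMessage());
        } finally {
            Files.deleteIfExists(secret);
        }
    }
}
```

Compile and run with `javac XxeDemo.java && java XxeDemo` on a JDK 11 or later. The same feature set applies to SAXParserFactory and, via `setProperty`, to XMLInputFactory for StAX; whichever API the archived source actually uses, the rule is the same: reject DOCTYPE, and only then decide whether any of the other features matter.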

Generated by OpenCVE AI on April 28, 2026 at 23:12 UTC.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 16:15:00 +0000

Type      Values Removed   Values Added
Metrics   (none)           ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 29 Apr 2026 10:30:00 +0000

Type                  Values Removed   Values Added
First Time appeared   (none)           Nsa; Nsa grassmarlin
Vendors & Products    (none)           Nsa; Nsa grassmarlin

Tue, 28 Apr 2026 19:15:00 +0000

Type          Values Removed   Values Added
Description   (none)           A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process.
Title         (none)           NSA GRASSMARLIN Improper Restriction of XML External Entity Reference
Weaknesses    (none)           CWE-611
References    (none)           (none listed)
Metrics       (none)           cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-29T15:12:21.569Z

Reserved: 2026-04-21T16:01:40.334Z

Link: CVE-2026-6807

Vulnrichment

Updated: 2026-04-29T13:42:40.447Z

NVD

Status : Awaiting Analysis

Published: 2026-04-28T19:37:47.773

Modified: 2026-04-28T20:10:23.367

Link: CVE-2026-6807

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T10:10:35Z

Weaknesses