CISA Warns of Data-Theft Vulnerability in NSA's GrassMarlin Tool

CISA Warns of Data-Theft Vulnerability in NSA's GrassMarlin Tool

First seen 29 Apr 2026, 17:06 UTC Theregister 99% similarity 54.9

Article Content

Browse articles
ThreatCluster

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a vulnerability in GrassMarlin, a tool developed by the NSA, which could allow attackers to access sensitive information. This vulnerability, identified as CVE-2026-6807, affects all versions of GrassMarlin, which was open-sourced for network security in critical infrastructure. The flaw, stemming from insufficient hardening of the XML parsing process, can lead to data exfiltration through XML External Entity (XXE) attacks. GrassMarlin has been end-of-life (EOL) since 2017, meaning no fixes are forthcoming. CISA advises users to secure their control systems and networks against potential exploitation. A proof-of-concept exploit has been developed and shared publicly, indicating the vulnerability can be exploited primarily via phishing attacks. While the threat is significant, it is noted that the bug may not pose a major risk to most organizations.

Key Points: • CISA warns of CVE-2026-6807 affecting all versions of GrassMarlin. • GrassMarlin is an NSA-developed tool that has been EOL since 2017. • Exploitation is possible through XML External Entity (XXE) attacks, primarily via phishing.

ThreatCluster AI

Timeline

2026-04-28
CVE-2026-6807 published
2026-04-29
First public proof-of-concept exploit released

Community

Browse all →