grassmarlin
About this tag
GRASSMARLIN is a network mapping tool developed by the NSA for operational technology (OT) and industrial control system (ICS) environments. On WindowsForum.com, discussions focus on CVE-2026-6807, a medium-severity XML External Entity (XXE) information disclosure vulnerability affecting GRASSMARLIN. The vulnerability, classified as CWE-611, arises from improper restriction of XML external entity references, potentially exposing sensitive data. CISA advisory ICSA-26-118-01 provides mitigation guidance for OT teams. Topics include sandbox defenses, patch management, and securing SCADA networks against XXE attacks. The tag covers vulnerability analysis, security advisories, and practical steps for reducing risk in industrial environments.
NSA GRASSMARLIN Vulnerability Brief — CVE-2026-6807
Executive summary
CISA has published ICS Advisory ICSA-26-118-01 for NSA GRASSMARLIN, identifying CVE-2026-6807, a medium-severity information-disclosure vulnerability tied to improper handling of XML input. The vulnerability is classified as...