CISA

NSA GRASSMARLIN

From Cybersecurity and Infrastructure Security Agency

Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information.

The following versions of NSA GRASSMARLIN are affected:

GRASSMARLIN vers:all/*

Vendor: NSA

Equipment: NSA GRASSMARLIN

Vulnerability: Improper Restriction of XML External Entity Reference

Critical Infrastructure Sectors: Information Technology

Countries/Areas Deployed: Worldwide

Company Headquarters Location: United States

A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process.


Relevant CWE: CWE-611 Improper Restriction of XML External Entity Reference
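
One way to act on the description above, as an added example that is not CISA's or NSA's code: a pre-open check that reports any DOCTYPE or entity declaration in XML session data, the constructs a parser without XXE hardening would act on. It assumes the session data is available as raw XML bytes; `screen_session_xml` and the sample inputs are constructed for illustration.

```python
import xml.parsers.expat


class _PrologDone(Exception):
    """Raised at the root element: DTD declarations can only precede it."""


def screen_session_xml(data: bytes) -> list[str]:
    """Return reasons to reject the XML; an empty list means no DTD was declared."""
    findings: list[str] = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE declared for root '{name}'")
        if system_id is not None:
            findings.append(f"external DTD subset: {system_id}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "parameter" if is_param else "general"
        if system_id is not None:
            findings.append(f"external {kind} entity '{name}': {system_id}")
        else:
            findings.append(f"internal {kind} entity '{name}'")

    def on_root(name, attrs):
        raise _PrologDone  # stop before any content or entity expansion

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        # With no external-entity handler installed, expat only reports
        # declarations; it does not fetch the system identifiers.
        parser.Parse(data, True)
    except _PrologDone:
        pass
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"not well-formed, reject: {exc}")  # fail closed
    return findings


# Constructed sample inputs (not real GRASSMARLIN session files).
CLEAN = b'<?xml version="1.0"?><session><host ip="192.0.2.10"/></session>'
WITH_ENTITY = (b'<?xml version="1.0"?>\n'
               b'<!DOCTYPE session [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>\n'
               b'<session/>')
TRUNCATED = b'<?xml version="1.0"?><!DOCTYPE session ['

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("entity", WITH_ENTITY), ("truncated", TRUNCATED)):
        print(label, screen_session_xml(blob) or "no DTD found")
```

Any non-empty result is a reason to keep the file away from the affected application; legitimate session data has no need for a DTD under this example's assumption.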

Metrics

CVSS Version: 3.1

Base Score: 5.5

Base Severity: MEDIUM

Vector String:

Acknowledgments

Grady DeRosa reported this vulnerability to CIS...