10 matches found
CVE-2026-6807
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process...
CVE-2026-6807
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process...
Exploit for CVE-2026-6807
This is functional proof of concept code based on the CISA discl...
CVE-2026-6807 NSA GRASSMARLIN Improper Restriction of XML External Entity Reference
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process...
CVE-2026-6807 NSA GRASSMARLIN Improper Restriction of XML External Entity Reference
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process...
CVE-2026-6807
GRASSMARLIN v3.2.1 exposes an XML External Entity (XXE) vulnerability. A crafted session data input can trigger improper XML parsing, potentially leaking sensitive information. A public exploit PoC indicates OOB file exfiltration via an external DTD reference, with the attacker able to base64-enc...
CVE-2026-6807
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process...
EUVD-2026-26135
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process...
PT-2026-35811
Name of the Vulnerable Software and Affected Versions GRASSMARLIN versions prior to 3.2.1 GRASSMARLIN version 3.2.1 Description Improper handling of XML input occurs due to insufficient hardening of the XML parsing process. This allows crafted session data, specifically within session files .gm3,...
GRASSMARLIN 代码问题漏洞
GRASSMARLIN is an open-source network security posture awareness tool for industrial control systems developed by the NSA Cybersecurity Directorate. Version GRASSMARLIN v3.2.1 contains a code vulnerability. This vulnerability stems from insufficient hardening of the XML parsing process, which may...