"CISA confirmed that successful exploits could lead to sensitive information being disclosed. The flaw stems from insufficient hardening of the XML parsing process."
"GrassMarlin primarily uses the XML format to save session files, using many files to save different kinds of data, including lists of nodes and edges."
"Often referred to as XML External Entity (XXE) attacks, these typically involve tricking a system owner into parsing a maliciously crafted XML file that has been tampered with to exfiltrate data."
"Anna Quinn, penetration tester at Rapid7, worked up a public proof-of-concept exploit and posted it to GitHub."
CISA has issued a warning regarding a vulnerability in GrassMarlin, a tool developed by the NSA, affecting all versions. The vulnerability, identified as CVE-2026-6807, allows attackers to potentially access sensitive information. GrassMarlin, which reached end-of-life in 2017, has no forthcoming fixes. CISA recommends securing control systems by isolating them from the internet and ensuring secure remote access. The flaw arises from inadequate hardening of the XML parsing process, making it susceptible to XML External Entity (XXE) attacks, which can exfiltrate data through malicious XML files.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]