
CVE-2026-6807 - Vulnerability Analysis

Medium | CVSS: 5.5

Last Updated: April 28, 2026

GRASSMARLIN - XML External Entity Injection

Published: April 28, 2026 | Updated: April 28, 2026 | PoC Available

Overview

GRASSMARLIN v3.2.1 contains an XML external entity (XXE) injection vulnerability caused by improper handling of crafted session XML input, which lets attackers expose sensitive information. Exploitation requires crafted session data.

Severity & Score

Severity: Medium
CVSS Score: 5.5

Impact

Attackers can expose sensitive information by exploiting XML parsing flaws.

Mitigation

Update to the latest version.

Details

CVE ID: CVE-2026-6807
Severity: Medium
CVSS Score: 5.5
Type: xml_external_entity_injection
Status: unconfirmed

CWE

  • CWE-611

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N