MEDIUM
NSA
CVE published 2026-04-28
CVE-2026-6807
CVE-2026-6807 is a medium-severity information exposure issue affecting NSA GRASSMARLIN v3.2.1. According to CISA’s advisory, crafted session data can trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The advisory also states that GRASSMARLIN has reached end-of-life status and is no longer supported, so no patch or further update is expected.