Skip to main content
CybersecurityVulnerability Management

CISA Warns of Data Theft Bug in NSA-Built OT Networking Tool

Industrial control room with rows of systems, networking equipment, and monitoring stations under fluorescent lighting.

"The flaw stems from insufficient hardening of the XML parsing process," CISA wrote in its advisory, warning that a long-shelved, NSA-built network tool can be tricked into spilling sensitive files.

CVE-2026-6807: an XML External Entity (XXE) weakness

The Cybersecurity and Infrastructure Security Agency (CISA) has assigned CVE-2026-6807 (5.5) to a vulnerability in GrassMarlin that it says could allow disclosure of sensitive information. CISA confirmed successful exploitation could lead to sensitive information being disclosed but did not publish extensive technical details. The agency tied the problem to "insufficient hardening of the XML parsing process," a description consistent with CWE-611 class attacks commonly known as XML External Entity (XXE) exploits.

GrassMarlin: an NSA-built tool, EOL since 2017

GrassMarlin is a tool developed and open-sourced by the National Security Agency (NSA) to support network security at critical infrastructure organizations, industrial control systems, and SCADA networks. The tool saves session data primarily using the XML format: multiple XML files record lists of nodes and edges, node positioning, colors, and session metadata, which GrassMarlin bundles into a ZIP archive and writes with a .gm3 extension. GrassMarlin reached end-of-life in 2017, and CISA noted there are no fixes in development for this EOL product.

Public proof-of-concept from Rapid7's Anna Quinn

Grady DeRosa, senior industrial pentester at Dragos, first reported the weakness; Anna Quinn, a penetration tester at Rapid7, subsequently posted a public proof-of-concept exploit to GitHub and described her findings in detail.

Quinn wrote: "Looking at the code for Grassmarlin, I determined that the likely vulnerable parameters had to do with the XML files ingested when opening stored sessions. By crafting malicious requests I discovered I could induce an error in the message console within Grassmarlin. The cause and content of the error was properly stripped from all logs and output within Grassmarlin."

She added that "OOB exfiltration of arbitrary files was possible by referencing an external host in the DTD," and noted practical caveats: newer versions of Java could not be used on the system (GrassMarlin had to use the version of Java bundled in the installer), many types of input would cause errors that impeded exfiltration, and Quinn bypassed those issues by converting content to base64 and sending it across multiple message chunks.

Quinn also posted on LinkedIn, saying the bug "won't pose too much of a threat to most organizations" and that it "can only realistically be exploited via phishing – either between local users or external emails."

CISA guidance for operators using GrassMarlin

With no patch forthcoming for an EOL product, CISA's public advisory focused on defensive posture and access controls. The agency recommended ensuring control systems and devices are not accessible via the open internet, that firewalled networks and devices are isolated from business networks, and that remote access is established securely. Beyond those mitigations, CISA did not disclose additional exploit details in its bulletin.

What this means for industrial control operators, security teams, and adversaries

  • Industrial control operators and critical-infrastructure teams: Operators using GrassMarlin should treat the tool as unpatched and assume XML session files are a potential vector for data disclosure. CISA's guidance points to network segmentation and removing internet-facing access as primary mitigations.
  • Security teams and incident responders: The availability of a public proof-of-concept on GitHub and Quinn's technical write-up mean defenders should hunt for GrassMarlin .gm3 files, ensure Java runtimes bundled with legacy installers are not reachable, and review email and local-file handling that could enable a phishing-based XXE payload.
  • Adversaries and opportunistic attackers: Quinn's assessment that exploitation realistically requires phishing places emphasis on social-engineering capability; the public PoC lowers the bar for attackers who can craft malicious XML session files and deliver them to targeted users.

GrassMarlin's story is straightforward and inconvenient: an NSA-designed, open-sourced tool for industrial networks contains an XXE-style parsing flaw; it's been EOL for nearly a decade; CISA flags the danger and prescribes reducing exposure; and a public proof-of-concept demonstrates how, with certain environmental caveats, arbitrary-file exfiltration is possible. Organizations that still rely on GrassMarlin now face a clear choice—segregate and lock down installations, or stop using an unpatchable tool that can be abused via crafted session files.

Original story