CVE-2026-6807

EUVD-2026-26135
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to 
trigger improper handling of XML input, which may result in unintended 
exposure of sensitive information. The flaw stems from insufficient 
hardening of the XML parsing process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-118-01.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-118-01