CISA Warns of Data Theft Flaw in NSA-Built OT Network Tool — No Patch Will Be Released
CISA has flagged a data-theft vulnerability in GrassMarlin, an open-source OT network analysis tool developed by the NSA. The tool reached end-of-life in 2017 and no patch will be released. A public proof-of-concept exploit is already available on GitHub.
WASHINGTON, D.C. — The Cybersecurity and Infrastructure Security Agency has published ICS Advisory ICSA-26-118-01 for CVE-2026-6807, an information disclosure vulnerability affecting GrassMarlin, an OT network security tool originally built and open-sourced by the National Security Agency. First identified by Grady DeRosa, a senior industrial pentester at Dragos, the flaw stems from improper handling of XML input and could allow an attacker with local access to extract sensitive information from systems used to analyze industrial control and SCADA networks. Because GrassMarlin was discontinued in 2017, no vendor patch will be issued — ever.
What Happened
CISA's advisory identifies an XXE (XML External Entity) injection weakness in GrassMarlin's session file parsing process. The agency noted that the flaw stems from insufficient hardening of the XML parsing process, enabling an attacker who can deliver a crafted session file to trigger errors that leak sensitive data. Rapid7 penetration tester Anna Quinn subsequently confirmed the vulnerability and published a working proof-of-concept exploit on GitHub.
How the Flaw Works
In an XXE attack, a malicious XML file references an external entity — typically a local file path or network resource — that the application should not be permitted to access. When the parser processes the crafted file, it fetches and returns content from that entity, effectively leaking data. In GrassMarlin's case, Quinn identified that vulnerable parameters were tied to XML files ingested when opening stored sessions. By crafting a malicious session file, she was able to induce errors in GrassMarlin's message console that exposed sensitive content from the underlying system.
Because GrassMarlin is designed to ingest session files representing OT network environments — network maps, device inventories, topology data — the files it processes contain exactly the kind of intelligence an attacker targeting industrial infrastructure would seek.
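The practical defender's check that follows from this description is to refuse any session file that carries DTD machinery at all, since legitimate session data needs no DOCTYPE, entity declarations or external entity references. The screen below is an added example written for this article, not GrassMarlin's own code or anything from the advisory; the session-file layouts and the file path in the suspicious sample are constructed placeholders, and it uses only the Python standard library's expat bindings, which record entity references without resolving them.

```python
"""Pre-load screen for XML session files (example for this article, not GrassMarlin code)."""
import xml.parsers.expat as expat


def screen_session_xml(data: bytes) -> list[str]:
    """Return findings for any DTD feature seen; an empty list means none were found.

    Nothing is fetched: expat resolves an external entity only if the application
    does so from ExternalEntityRefHandler, and this handler merely records it.
    """
    findings: list[str] = []
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        findings.append(f"DOCTYPE '{name}' declared")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        kind = "parameter" if is_param else "general"
        if sysid or pubid:  # SYSTEM/PUBLIC identifier: points outside the document
            findings.append(f"external {kind} entity '{name}' -> {sysid or pubid}")
        else:
            findings.append(f"internal {kind} entity '{name}'")

    def on_external_ref(context, base, sysid, pubid):
        findings.append(f"external entity referenced in content -> {sysid or pubid}")
        return 1  # 1 = keep parsing; the entity is not opened or expanded

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(f"malformed XML: {exc}")
    return findings


def is_safe_to_open(data: bytes) -> bool:
    """Policy: a session file may be opened only if the screen reports nothing."""
    return not screen_session_xml(data)


# Constructed sample inputs; the layout is invented and the path is a placeholder.
BENIGN_SESSION = b"""<?xml version="1.0"?>
<session><device ip="10.0.0.5" role="plc"/></session>"""

SUSPICIOUS_SESSION = b"""<?xml version="1.0"?>
<!DOCTYPE session [ <!ENTITY leak SYSTEM "file:///PLACEHOLDER/local/path"> ]>
<session><device>&leak;</device></session>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SESSION), ("suspicious", SUSPICIOUS_SESSION)):
        print(label, "->", screen_session_xml(doc) or "clean")
```

Run over a directory of stored session files, this turns the advisory's "prevented from accessing sensitive local files" guidance into a concrete quarantine gate in front of the legacy tool.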
Scope and Impact
The CVSS 5.5 score places this in the medium severity tier, with a local attack vector requiring the attacker to already have a presence on the affected system or be able to deliver a malicious session file. However, several factors elevate the practical risk beyond what the score suggests.
The tool's deployment context is inherently sensitive. GrassMarlin was built to help operators of critical infrastructure, ICS environments, and SCADA networks passively map and visualize their OT asset landscape. A successful information disclosure in this context is not a minor data exposure — it is reconnaissance material for a targeted follow-on attack. The public availability of Quinn's proof-of-concept removes the technical barrier for less sophisticated actors. And because the NSA archived the GrassMarlin repository in 2017, there is no remediation path through the vendor.
Response and Attribution
CISA's recommended mitigations focus on exposure reduction. The agency advises: ensuring control systems and devices are not accessible via the open internet; isolating networked ICS and OT devices from business networks through properly configured firewalls; and establishing remote access to OT environments through secure, monitored channels only.
Security teams should treat this advisory as an immediate trigger to locate and retire any lingering GrassMarlin deployments. Where the tool must be retained for legacy compatibility, it should be completely isolated — sandboxed, disconnected from live network segments, and prevented from accessing sensitive local files. The existence of a public PoC makes passive retention of an active GrassMarlin instance an unacceptable risk.
The CyberSignal Analysis
Signal 01 — EOL Tools in OT Environments Are a Silent, Persistent Risk
GrassMarlin being nine years end-of-life and still present in active ICS environments reflects a pattern that runs throughout OT security: operational continuity pressure keeps legacy tooling running long past its support window. This advisory should function as a forcing event for an immediate audit of all security tooling in OT environments — not just GrassMarlin, but anything running on an unsupported version that touches sensitive network data.
Signal 02 — A Public PoC Resets the Risk Calculus
The publication of a working exploit transforms the theoretical risk of this vulnerability into an operational one. In OT environments, even limited information disclosure — network topology maps, device lists, connection diagrams — can provide an attacker with the reconnaissance groundwork for a far more destructive follow-on attack. The 5.5 CVSS score reflects exploit difficulty under ideal conditions; the public PoC changes those conditions materially.
Signal 03 — NSA-Built Does Not Mean NSA-Maintained
Open-source tools — regardless of origin or institutional pedigree — require ongoing maintenance to remain secure. Once a project reaches EOL, organizations that continue to depend on it assume full ownership of the associated risk. The NSA's decision to open-source GrassMarlin was valuable for the community; the community's responsibility is to recognize when that tool has reached the end of its viable security life.