{"id":237080,"date":"2026-04-29T11:35:00","date_gmt":"2026-04-29T15:35:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/29\/cisa-flags-data-theft-bug-in-nsa-built-ot-networking-tool-the-register\/"},"modified":"2026-04-29T12:10:22","modified_gmt":"2026-04-29T16:10:22","slug":"cisa-flags-data-theft-bug-in-nsa-built-ot-networking-tool-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/29\/cisa-flags-data-theft-bug-in-nsa-built-ot-networking-tool-the-register\/","title":{"rendered":"CISA flags data-theft bug in NSA-built OT networking tool \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/04\/29\/cisa_flags_datatheft_bug_in\/\">CISA flags data-theft bug in NSA-built OT networking tool \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/04\/29\/cisa_flags_datatheft_bug_in\/\">https:\/\/www.theregister.com\/2026\/04\/29\/cisa_flags_datatheft_bug_in\/<\/a><\/p>\n<p>Publish Date: 2026-04-29 11:35:00<\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>The Cybersecurity and Infrastructure Security Agency (CISA) is warning anyone who uses GrassMarlin, a tool developed by the National Security Agency (NSA), about a new vulnerability that attackers can use to snoop on sensitive information.<\/p>\n<p>First reported by Grady DeRosa, senior industrial pentester at Dragos, the weak spot affects all versions of GrassMarlin, a tool developed and open-sourced by the NSA to support network security at critical infrastructure organizations, industrial control systems, and SCADA networks.<\/p>\n<p>GrassMarlin went EOL in 2017, so there are no fixes in the works. 
CISA simply recommends ensuring that control systems and devices are not accessible via the open internet, that firewalled networks and devices are isolated from business networks, and that remote access is established securely.<\/p>\n<p>CISA did not &#8211; in typical fashion &#8211; offer too many details regarding CVE-2026-6807 (5.5), but confirmed that successful exploits could lead to sensitive information being disclosed.<\/p>\n<p>However, in an advisory published on Tuesday, it said: &#8220;The flaw stems from insufficient hardening of the XML parsing process.&#8221;<\/p>\n<p>These types of attacks (CWE-611) affect products that process XML files. GrassMarlin primarily uses the XML format to save session files, using many files to save different kinds of data, including lists of nodes and edges, node positioning, colors, and session metadata, before bundling them into a ZIP archive and saving them using a .gm3 extension.<\/p>\n<p>Often referred to as XML External Entity (XXE) attacks, these typically involve tricking a system owner into parsing a maliciously crafted XML file that has been tampered with to exfiltrate data.<\/p>\n<p>This is a general overview of how XXE attacks play out. 
CISA did not define how CVE-2026-6807 could be exploited specifically.<\/p>\n<p>Anna Quinn, penetration tester at Rapid7, however,&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/04\/29\/cisa_flags_datatheft_bug_in\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA flags data-theft bug in NSA-built OT networking tool \u2022 The Register https:\/\/www.theregister.com\/2026\/04\/29\/cisa_flags_datatheft_bug_in\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":237081,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2024\/05\/07\/data_shutterstock.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,29,27],"class_list":["post-237080","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-network-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237080"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=237080"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237080\/revisions"}],"predecessor-version":[{"id":237082,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237080\/revisions\/237082"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/237081"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=237080"}],"wp:term":[{"taxono
my":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=237080"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=237080"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}