Skip to main content

RTI Connext Professional CVE-2026-2674

MEDIUM
Out-of-bounds Write (CWE-787)
2026-06-17 RTI
4.8
CVSS 4.0 · Vendor: RTI
Share

Severity by source

Vendor (RTI) PRIMARY
4.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.4 MEDIUM

Local access and low privileges required per vendor CVSS 4.0 vector; no confidentiality impact and scope unchanged with limited integrity and availability effects.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (RTI).

CVSS VectorVendor: RTI

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 18:13 vuln.today

DescriptionCVE.org

Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers, Overflow Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*.

AnalysisAI

Out-of-bounds write conditions in RTI Connext Professional affect three distinct components - Queueing Service, Core Libraries, and Persistence Service - enabling a locally authenticated low-privileged user to corrupt memory and produce limited integrity and availability impacts on the vulnerable system. The vulnerability spans multiple release branches (6.1.x, 7.0.x-7.3.x, and 7.4.x-7.6.x) and is resolved in versions 7.7.0 and 7.3.1.3 per vendor guidance. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege local OS credentials
Delivery
Access affected DDS service process
Exploit
Craft malformed input payload
Execution
Trigger out-of-bounds write in buffer handling
Persist
Corrupt adjacent memory region
Impact
Cause limited integrity or availability disruption

Vulnerability AssessmentAI

Exploitation Exploitation requires local access to the operating system host running RTI Connext Professional, with at minimum low-privilege OS credentials (PR:L per vendor CVSS 4.0 vector AV:L/PR:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-reported CVSS 4.0 score of 4.8 with vector AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L reflects a bounded, locally-exploitable issue with limited blast radius. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privilege local credentials on a host running RTI Connext Professional submits malformed data or a crafted message payload to one of the three vulnerable components - most broadly impactful via the Core Libraries path - triggering an out-of-bounds write that corrupts adjacent memory. The resulting memory corruption produces a limited integrity or availability impact, such as corrupted DDS data streams or a service crash, potentially disrupting real-time data distribution in latency-sensitive deployments. …
Remediation The primary fix is to upgrade RTI Connext Professional to version 7.7.0 for users on the 7.4.x branch, or to version 7.3.1.3 for users on the 7.0.x-7.3.x branch; 6.1.x users should consult the vendor advisory at https://www.rti.com/vulnerabilities/#cve-2026-2674 for the appropriate 6.1.x maintenance release. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-2467 CRITICAL
9.2 Jun 17

Remote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to

CVE-2026-3894 CRITICAL
9.2 Jun 17

Out-of-bounds read in RTI Connext Professional Core Libraries allows remote unauthenticated attackers to read beyond int

CVE-2024-52057 CRITICAL
9.1 Dec 13

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Profes

CVE-2026-7300 HIGH
8.8 Jun 17

Remote denial of service and partial data exposure in RTI Connext Professional's Web Integration Service results from a

CVE-2025-14543 HIGH
8.8 Apr 30

XML External Entity (XXE) injection in RTI Connext Professional's Core Libraries allows remote unauthenticated attackers

CVE-2026-4374 HIGH
8.8 Apr 01

XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthentic

CVE-2024-52058 HIGH
8.6 Dec 13

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext

CVE-2025-10450 HIGH
8.3 Dec 16

Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to

CVE-2024-52066 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin

CVE-2024-52063 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L

CVE-2024-52061 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L

CVE-2024-52060 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin

Share

CVE-2026-2674 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy