RTI Connext Professional CVE-2026-2674
MEDIUMSeverity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local access and low privileges required per vendor CVSS 4.0 vector; no confidentiality impact and scope unchanged with limited integrity and availability effects.
Primary rating from Vendor (RTI).
CVSS VectorVendor: RTI
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers, Overflow Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*.
AnalysisAI
Out-of-bounds write conditions in RTI Connext Professional affect three distinct components - Queueing Service, Core Libraries, and Persistence Service - enabling a locally authenticated low-privileged user to corrupt memory and produce limited integrity and availability impacts on the vulnerable system. The vulnerability spans multiple release branches (6.1.x, 7.0.x-7.3.x, and 7.4.x-7.6.x) and is resolved in versions 7.7.0 and 7.3.1.3 per vendor guidance. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local access to the operating system host running RTI Connext Professional, with at minimum low-privilege OS credentials (PR:L per vendor CVSS 4.0 vector AV:L/PR:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-reported CVSS 4.0 score of 4.8 with vector AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L reflects a bounded, locally-exploitable issue with limited blast radius. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with low-privilege local credentials on a host running RTI Connext Professional submits malformed data or a crafted message payload to one of the three vulnerable components - most broadly impactful via the Core Libraries path - triggering an out-of-bounds write that corrupts adjacent memory. The resulting memory corruption produces a limited integrity or availability impact, such as corrupted DDS data streams or a service crash, potentially disrupting real-time data distribution in latency-sensitive deployments. … |
| Remediation | The primary fix is to upgrade RTI Connext Professional to version 7.7.0 for users on the 7.4.x branch, or to version 7.3.1.3 for users on the 7.0.x-7.3.x branch; 6.1.x users should consult the vendor advisory at https://www.rti.com/vulnerabilities/#cve-2026-2674 for the appropriate 6.1.x maintenance release. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Connext Professional
View allRemote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to
Out-of-bounds read in RTI Connext Professional Core Libraries allows remote unauthenticated attackers to read beyond int
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Profes
Remote denial of service and partial data exposure in RTI Connext Professional's Web Integration Service results from a
XML External Entity (XXE) injection in RTI Connext Professional's Core Libraries allows remote unauthenticated attackers
XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthentic
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext
Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today