RTI Connext Professional CVE-2026-2675
MEDIUMSeverity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-exploitable with low privileges, but AT:P condition maps to AC:H; integrity-only impact with no confidentiality or availability effect.
Primary rating from Vendor (RTI).
CVSS VectorVendor: RTI
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.
AnalysisAI
RTI Connext Professional's Security Plugins component allows authenticated network participants to spoof the source identity of DDS (Data Distribution Service) messages due to missing authentication on a critical data-origin verification function (CWE-306). The flaw affects versions spanning 5.3.x through 7.6.x, with a patched release available at 7.7.0 and 7.3.1.3 for the respective branches. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the RTI Connext Professional Security Plugins component is active and configured within the DDS deployment - environments not using Security Plugins are not affected by this CVE. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 6.0 reflects a meaningful but not critical-tier rating: network-reachable (AV:N), low complexity (AC:L), but requiring both low privileges (PR:L) and a specific attack requirement (AT:P - Security Plugins must be active). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with low-privilege access to the DDS network segment - for example, a rogue device, compromised endpoint, or insider threat on the same network - sends DDS data publications to a topic while falsifying the source participant identity, making the messages appear to originate from a legitimate, trusted publisher. Downstream subscribers consuming that topic accept the forged data as authentic, potentially causing incorrect actuation, false sensor readings, or corrupted state in safety-critical systems. … |
| Remediation | The primary fix is to upgrade RTI Connext Professional to version 7.7.0 or 7.3.1.3 depending on the deployed branch, as documented in the vendor advisory at https://www.rti.com/vulnerabilities/#cve-2026-2675. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Connext Professional
View allRemote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to
Out-of-bounds read in RTI Connext Professional Core Libraries allows remote unauthenticated attackers to read beyond int
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Profes
Remote denial of service and partial data exposure in RTI Connext Professional's Web Integration Service results from a
XML External Entity (XXE) injection in RTI Connext Professional's Core Libraries allows remote unauthenticated attackers
XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthentic
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext
Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today