Skip to main content

RTI Connext Professional CVE-2026-2675

MEDIUM
Missing Authentication for Critical Function (CWE-306)
2026-06-17 RTI
6.0
CVSS 4.0 · Vendor: RTI
Share

Severity by source

Vendor (RTI) PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Network-exploitable with low privileges, but AT:P condition maps to AC:H; integrity-only impact with no confidentiality or availability effect.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
4.0 AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (RTI).

CVSS VectorVendor: RTI

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 18:11 vuln.today

DescriptionCVE.org

Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.

AnalysisAI

RTI Connext Professional's Security Plugins component allows authenticated network participants to spoof the source identity of DDS (Data Distribution Service) messages due to missing authentication on a critical data-origin verification function (CWE-306). The flaw affects versions spanning 5.3.x through 7.6.x, with a patched release available at 7.7.0 and 7.3.1.3 for the respective branches. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain low-privilege DDS domain access
Delivery
Identify target topic and trusted publisher identity
Exploit
Craft DDS publication with spoofed source identity
Execution
Bypass Security Plugins authentication check
Impact
Inject false data accepted as authoritative by subscribers

Vulnerability AssessmentAI

Exploitation Exploitation requires that the RTI Connext Professional Security Plugins component is active and configured within the DDS deployment - environments not using Security Plugins are not affected by this CVE. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.0 reflects a meaningful but not critical-tier rating: network-reachable (AV:N), low complexity (AC:L), but requiring both low privileges (PR:L) and a specific attack requirement (AT:P - Security Plugins must be active). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privilege access to the DDS network segment - for example, a rogue device, compromised endpoint, or insider threat on the same network - sends DDS data publications to a topic while falsifying the source participant identity, making the messages appear to originate from a legitimate, trusted publisher. Downstream subscribers consuming that topic accept the forged data as authentic, potentially causing incorrect actuation, false sensor readings, or corrupted state in safety-critical systems. …
Remediation The primary fix is to upgrade RTI Connext Professional to version 7.7.0 or 7.3.1.3 depending on the deployed branch, as documented in the vendor advisory at https://www.rti.com/vulnerabilities/#cve-2026-2675. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-2467 CRITICAL
9.2 Jun 17

Remote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to

CVE-2026-3894 CRITICAL
9.2 Jun 17

Out-of-bounds read in RTI Connext Professional Core Libraries allows remote unauthenticated attackers to read beyond int

CVE-2024-52057 CRITICAL
9.1 Dec 13

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Profes

CVE-2026-7300 HIGH
8.8 Jun 17

Remote denial of service and partial data exposure in RTI Connext Professional's Web Integration Service results from a

CVE-2025-14543 HIGH
8.8 Apr 30

XML External Entity (XXE) injection in RTI Connext Professional's Core Libraries allows remote unauthenticated attackers

CVE-2026-4374 HIGH
8.8 Apr 01

XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthentic

CVE-2024-52058 HIGH
8.6 Dec 13

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext

CVE-2025-10450 HIGH
8.3 Dec 16

Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to

CVE-2024-52066 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin

CVE-2024-52063 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L

CVE-2024-52061 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L

CVE-2024-52060 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin

Share

CVE-2026-2675 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy