RTI Connext Professional CVE-2026-30799
MEDIUMSeverity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network vector with low privileges confirmed; AC:H reflects the AT:P attack prerequisite (specific DDS network position and Security Plugin deployment required); no confidentiality impact per VC:N.
Primary rating from Vendor (RTI).
CVSS VectorVendor: RTI
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.*, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.
AnalysisAI
Identity spoofing via missing authentication in RTI Connext Professional's Security Plugins component enables a low-privileged network attacker to impersonate legitimate DDS participants, achieving high integrity and availability impact against affected deployments. Versions spanning five major release lines - 5.3.x through 7.6.x - are affected, with the fix landing at 7.7.0 for the 7.4 branch. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The Security Plugins component of RTI Connext Professional must be deployed and active - this feature is not enabled by default in all configurations, so deployments not using DDS-Security are not affected. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 6.1 (Medium) reflects a network-accessible flaw (AV:N) requiring low privileges (PR:L) with no user interaction (UI:N), but tempered by the presence of attack prerequisites (AT:P). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has already obtained low-privilege access to the DDS communication network - for example, through a compromised workstation on the same segment or via a misconfigured network boundary - sends a crafted DDS participant announcement to the Security Plugins layer, invoking the unauthenticated critical function to assert the identity of a trusted DDS publisher. Once the identity is spoofed, the attacker can inject malicious data into topic streams or cause legitimate participants to be rejected, achieving high integrity and availability impact. … |
| Remediation | The primary fix is to upgrade RTI Connext Professional to version 7.7.0 or later for users on the 7.4.x branch. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Connext Professional
View allRemote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to
Out-of-bounds read in RTI Connext Professional Core Libraries allows remote unauthenticated attackers to read beyond int
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Profes
Remote denial of service and partial data exposure in RTI Connext Professional's Web Integration Service results from a
XML External Entity (XXE) injection in RTI Connext Professional's Core Libraries allows remote unauthenticated attackers
XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthentic
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext
Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today