RTI Connext Micro CVE-2026-30802
HIGHSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
RTPS is network-reachable with no auth or interaction (AV:N/AC:L/PR:N/UI:N); OOB read yields limited info disclosure (C:L) and likely process crash of the DDS endpoint (A:H), no integrity impact.
Primary rating from Vendor (RTI).
CVSS VectorVendor: RTI
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0.
AnalysisAI
Out-of-bounds read in RTI Connext Micro Core Libraries (versions 4.0.0 up to but not including 4.3.0) allows remote unauthenticated attackers to read beyond allocated buffer boundaries, leading to limited information disclosure and a high availability impact (likely process crash of the DDS middleware). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must be able to deliver a crafted RTPS/DDS message to a Connext Micro endpoint running an affected version (4.0.0 ≤ v < 4.3.0) - i.e., network reachability to the UDP ports on which the DDS participant is listening for discovery or user traffic. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N, VC:L/VA:H) indicates a network-reachable, unauthenticated, low-complexity flaw whose primary impact is denial of service of the DDS endpoint with a minor confidentiality leak - consistent with a parser-side OOB read that returns stray memory bytes or crashes the consumer. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network reachability to a Connext Micro participant sends a malformed RTPS/DDS message with crafted length or sequence fields that cause the Core Libraries to read past the end of a parsing buffer; the resulting behavior is most likely a crash of the subscriber/publisher process (availability impact) or, in some cases, leakage of small fragments of adjacent heap/stack memory back into protocol responses or logs. On a flat OT network where DDS endpoints are reachable from a compromised engineering workstation or rogue device, this could be repeatedly triggered to deny service to critical telemetry consumers. … |
| Remediation | Upgrade RTI Connext Micro to version 4.3.0 or later, which is the first version outside the affected range per the vendor's own range specification (Vendor-released patch: 4.3.0; consult https://www.rti.com/vulnerabilities/#cve-2026-30802 for the definitive fixed build). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify and document all systems running RTI Connext Micro Core Libraries versions 4.0.0-4.2.x by searching application manifests, vendor bills-of-materials, and container registries. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Connext Micro
View allSame weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today