Which versions of RTI Connext Professional are affected by CVE-2026-4374?

RTI Connext Professional's routing and service components contain an XML External Entity (XXE) injection vulnerability that enables unauthenticated remote attackers to exfiltrate sensitive data and…. A patch is available.

RTI Connext Professional CVE-2026-4374

Q: What is the CVSS score of CVE-2026-4374?

CVE-2026-4374 has a CVSS 4.0 base score of 8.8 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-17765 HIGH

Improper Restriction of XML External Entity Reference (CWE-611)

2026-04-01 RTI

XXE

8.8

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Apr 21, 2026 - 00:13 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 21, 2026 - 00:07 vuln.today

cvss_changed

Analysis Updated

Apr 16, 2026 - 06:09 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

7.7.0,6.1.,6.0.

EUVD ID Assigned

Apr 01, 2026 - 01:45 euvd

EUVD-2026-17765

Analysis Generated

Apr 01, 2026 - 01:45 vuln.today

CVE Published

Apr 01, 2026 - 01:06 nvd

HIGH 8.8

DescriptionNVD

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat...

AnalysisAI

XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthenticated attackers to exfiltrate sensitive data and trigger denial of service conditions. Affects multiple product families (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) across versions 5.3.0 through 7.6.x. …

RemediationAI

Within 24 hours: Inventory all RTI Connext Professional deployments, document affected versions (5.3.0-7.6.x) and components (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service), and restrict network access to these services. Within 7 days: Apply vendor-released patch per RTI security advisory to all affected instances in test environments and validate functionality. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-4374 vulnerability details – vuln.today

Back

RTI Connext Professional CVE-2026-4374

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

RTI Connext Professional CVE-2026-4374

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code