Skip to main content

RTI Connext Professional CVE-2026-7300

HIGH
Classic Buffer Overflow (CWE-120)
2026-06-17 RTI
8.8
CVSS 4.0 · Vendor: RTI
Share

Severity by source

Vendor (RTI) PRIMARY
8.8 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.6 HIGH

Web Integration Service is network-reachable with no auth or user interaction; overflow yields a service crash (A:H) with limited memory disclosure/corruption (C:L/I:L), no scope change.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (RTI).

CVSS VectorVendor: RTI

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 18:06 vuln.today

DescriptionCVE.org

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.This issue affects Connext Professional: from 7.4.0 before 7.*, from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1.*.

AnalysisAI

Remote denial of service and partial data exposure in RTI Connext Professional's Web Integration Service results from a classic buffer overflow (CWE-120) reachable over the network without authentication. Versions 7.4.0 before 7.x, 7.0.0 before 7.3.1.3, and 6.1.2 before 6.1.x are vulnerable, and no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed Web Integration Service endpoint
Delivery
Craft oversized request bypassing input filter
Exploit
Trigger buffer overflow in parser
Execution
Corrupt adjacent memory and crash service
Impact
Disrupt DDS-to-web data bridge

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the RTI Connext Professional Web Integration Service component specifically - deployments that do not enable or expose the Web Integration Service are not exploitable through this flaw. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:N indicates a fully remote, unauthenticated, low-complexity attack with no user interaction - the highest-exposure precondition profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the Web Integration Service over the network sends a single crafted HTTP or WebSocket request containing an oversized field that bypasses the input filter and overflows a fixed-size buffer in the parsing routine. The Web Integration Service crashes, severing the bridge between DDS topics and web clients and disrupting real-time data flow to operator dashboards or downstream consumers; no public exploit identified at time of analysis, so this remains a theoretical chain pending vendor or third-party PoC release.
Remediation Upgrade RTI Connext Professional to 7.3.1.3 or later on the 7.0-7.3 branch, and to the fixed 6.1.x or 7.4.x maintenance release as published by RTI per https://www.rti.com/vulnerabilities/#cve-2026-7300 (Vendor-released patch: 7.3.1.3 for the 7.0-7.3 line; consult the advisory for exact 6.1.x and 7.4.x fix builds). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running RTI Connext Professional versions 7.0.0 through 7.3.1.2, 6.1.2, and earlier; enable detailed logging for Web Integration Service access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-2467 CRITICAL
9.2 Jun 17

Remote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to

CVE-2026-3894 CRITICAL
9.2 Jun 17

Out-of-bounds read in RTI Connext Professional Core Libraries allows remote unauthenticated attackers to read beyond int

CVE-2024-52057 CRITICAL
9.1 Dec 13

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Profes

CVE-2025-14543 HIGH
8.8 Apr 30

XML External Entity (XXE) injection in RTI Connext Professional's Core Libraries allows remote unauthenticated attackers

CVE-2026-4374 HIGH
8.8 Apr 01

XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthentic

CVE-2024-52058 HIGH
8.6 Dec 13

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext

CVE-2025-10450 HIGH
8.3 Dec 16

Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to

CVE-2024-52066 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin

CVE-2024-52063 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L

CVE-2024-52061 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L

CVE-2024-52060 HIGH
8.3 Dec 13

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin

CVE-2024-25724 HIGH
7.3 May 21

In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Rec

Share

CVE-2026-7300 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy