Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat...
AnalysisAI
XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthenticated attackers to exfiltrate sensitive data and trigger denial of service conditions. Affects multiple product families (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) across versions 5.3.0 through 7.6.x. CVSS 8.8 (High) with network vector and no authentication required. EPSS probability remains low (0.04%, 11th percentile) with no confirmed active exploitation per CISA. Vendor patch available via RTI advisory.
Technical ContextAI
This vulnerability exploits CWE-611 (Improper Restriction of XML External Entity Reference) in RTI Connext Professional's data distribution service components. XXE attacks occur when XML parsers process external entity references without proper sanitization, allowing attackers to inject malicious entity declarations. The affected components (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) are middleware infrastructure services built on RTI's Data Distribution Service (DDS) for real-time systems communication. These services handle XML configuration files and serialized data formats, creating attack surface through XML processing. The truncated description mentions 'Serialized Data External Linking' and 'Data Serializat...' suggesting the vulnerability lies in how these services deserialize or process XML-formatted data streams. DDS implementations are commonly deployed in industrial control systems, medical devices, defense systems, and autonomous vehicles, making XXE exploitation particularly concerning in safety-critical environments.
RemediationAI
Upgrade to patched RTI Connext Professional versions: 7.7.0 or later for the 7.x branch, or version 7.3.1.1 for organizations on the 7.1-7.3 line. RTI has released patches per vendor advisory at https://www.rti.com/vulnerabilities/#cve-2026-4374. For versions 5.3.x, 6.0.x, and 6.1.x branches where no patch version is specified in available data, contact RTI support directly to obtain appropriate updates or migration guidance. If immediate patching is not feasible, implement these compensating controls: disable XML external entity processing in XML parser configurations used by affected services by setting features like disallow-doctype-decl=true and external-general-entities=false (consult RTI documentation for service-specific configuration paths). Restrict network access to affected service ports using firewall rules, limiting connectivity to only trusted DDS peers (trade-off: breaks cloud connectivity for Cloud Discovery Service). Deploy XML input validation proxies to filter entity declarations before data reaches vulnerable services (adds latency and operational complexity). Disable unused service components among the five affected types to reduce attack surface (may impact observability and routing functionality). Monitor XML processing logs for suspicious entity references or parsing errors as potential exploitation indicators. Note that restricting XML entity processing may break legitimate configurations that rely on external entity references for modular configuration management.
More in Connext Professional
View allRemote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to
Out-of-bounds read in RTI Connext Professional Core Libraries allows remote unauthenticated attackers to read beyond int
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Profes
Remote denial of service and partial data exposure in RTI Connext Professional's Web Integration Service results from a
XML External Entity (XXE) injection in RTI Connext Professional's Core Libraries allows remote unauthenticated attackers
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext
Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core L
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routin
In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Rec
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17765