Description
Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.
Published: 2026-04-01
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Buffer Over‑Read
Action: Apply Patch
AI Analysis

Impact

A buffer over‑read flaw exists in the Core Libraries of RTI Connext Professional, allowing an attacker to read memory beyond the bounds of allocated buffers. The CVE description does not specify the exact consequences, but it is inferred that this could expose sensitive data stored in adjacent memory areas.

Affected Systems

RTI: Connext Professional Core Libraries are affected across multiple major releases. The vulnerable ranges are: from 7.4.0 up to but not including 7.7.0, from 7.0.0 up to but not including 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, and from 4.3.x before 5.2.*.

Risk and Exploitability

The CVSS score of 4.8 indicates medium severity, while the EPSS score below 1% suggests a very low probability of exploitation; the vulnerability is not listed in the CISA KEV catalog. The CVE description does not mention a remote attack surface, and it is inferred that exploitation would likely require local execution or code running within a process that loads the vulnerable library. Note, however, that the cvssV3_1 vector recorded in the History section (score 6.5) uses AV:N/PR:N, that is, network-reachable with no privileges required, whereas the cvssV4_0 vector (score 4.8) uses AV:L/PR:L. Risk to environments therefore depends on whether the Core Libraries handle untrusted input, but the potential impact is limited.

Generated by OpenCVE AI on April 14, 2026 at 21:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch or upgrade to a non‑affected version of RTI Connext Professional.
  • If an immediate update is not possible, restrict use of the vulnerable library to trusted contexts, or limit untrusted processes' access to it.
  • Monitor RTI security bulletins for further updates or additional mitigations.


Advisories

No advisories yet.

History

Tue, 14 Apr 2026 18:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-125
Metrics | | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Apr 2026 02:15:00 +0000

Type | Values Removed | Values Added
Description | | Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.
Title | | Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.
First Time appeared | | Rti; Rti connext Professional
Weaknesses | | CWE-126
CPEs | | cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*
Vendors & Products | | Rti; Rti connext Professional
References | |
Metrics | | cvssV4_0 {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: RTI

Published:

Updated: 2026-04-01T15:51:51.642Z

Reserved: 2026-02-12T10:13:55.938Z

Link: CVE-2026-2394

Vulnrichment

Updated: 2026-04-01T14:32:08.841Z

NVD

Status: Analyzed

Published: 2026-04-01T01:16:40.990

Modified: 2026-04-14T18:00:20.590

Link: CVE-2026-2394

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T16:45:09Z

Weaknesses