Description
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*.
Published: 2026-06-17
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a heap‑based buffer overflow in the core libraries of RTI Connext Professional. It arises when special variables and tags are processed, allowing memory to be overwritten. This flaw can lead to data corruption and, because it is a heap overflow, may permit an attacker to execute arbitrary code, compromising confidentiality, integrity, and availability of the affected system.

Affected Systems

RTI Connext Professional, versions 7.4.0 through just before 7.7.0, 7.0.0 through just before 7.3.1.3, 6.1.0 through any 6.1.x, 6.0.0 through any 6.0.x, 5.3.0 through any 5.3.x, and 5.0.0 through any 5.2.x.

Risk and Exploitability

The CVSS score for this issue is 8.2, indicating high severity. The EPSS score is below 1 %, meaning the likelihood of exploitation observed in the wild is low but non‑zero. The vulnerability is not listed in CISA’s KEV catalog. The flaw is likely exploitable by sending crafted messages containing malformed variables or tags over the network to a Connext Participant, making the attack vector remote.

Generated by OpenCVE AI on June 18, 2026 at 18:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade RTI Connext Professional to any non‑vulnerable release (e.g., 7.7.0 or newer).
  • If an upgrade is not immediately possible, isolate the Connext service behind a firewall and restrict incoming connections to trusted hosts only.
  • Disable or restrict the use of custom variables and tags in applications that use Connext, or apply input validation to ensure they are well‑formed.
  • Enable intrusion detection and monitor logs for abnormal variable or tag activity to catch potential exploitation attempts.



Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type / Values Removed / Values Added

Description: Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*.
Title: Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.
First Time appeared: Rti; Rti connext Professional
Weaknesses: CWE-122
CPEs: cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*
Vendors & Products: Rti; Rti connext Professional
References:
Metrics:
  cvssV4_0: {'score': 8.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H'}
  ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: RTI

Published:

Updated: 2026-06-17T18:03:27.631Z

Reserved: 2026-02-13T14:19:43.793Z

Link: CVE-2026-2467

Vulnrichment

Updated: 2026-06-17T18:03:24.163Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T21:00:13Z

Weaknesses
  • CWE-122

    Heap-based Buffer Overflow