Description
Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service, Core Libraries, Persistence Service) allows Overflow Buffers. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*.
Published: 2026-06-17
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to write data beyond the intended bounds of a buffer in RTI Connext Professional’s Queueing Service, Core Libraries, or Persistence Service. This out‑of‑bounds write can corrupt adjacent memory, potentially causing crashes, data corruption, or unauthorized information disclosure. The weakness is classified as CWE‑787, a common memory corruption flaw that can lead to control‑flow hijacking if exploited.

Affected Systems

RTI’s Connext Professional product is affected. Versions impacted include all releases from 7.4.0 up to but not including 7.7.0, from 7.0.0 up to but not including 7.3.1.3, and from 6.1.0 through every 6.1.x sub‑release before the latest 6.1.* update. Systems running any of these versions should verify whether they expose the vulnerable components.

Risk and Exploitability

The CVSS v3.1 base score is 4.8, indicating moderate impact. EPSS shows a very low exploitation probability of less than 1%, and the issue is not listed in CISA’s KEV catalog. The attack vector is not explicitly described in the advisory; based on the nature of the flaw, it is likely a local or privileged attacker would need to provide crafted data to the vulnerable service. No publicly known exploits have been disclosed, so the risk is primarily theoretical until an exploit is found.

Generated by OpenCVE AI on June 18, 2026 at 18:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest RTI Connext Professional release that is outside the affected version ranges (e.g., 7.7.0 or later).
  • If upgrade is not feasible, isolate the vulnerable components by restricting network access and applying least‑privilege controls.
  • Implement application and system monitoring to detect abnormal memory usage or crashes that may indicate exploitation attempts.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type | Values Removed | Values Added
Description | | Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service, Core Libraries, Persistence Service) allows Overflow Buffers, Overflow Buffers, Overflow Buffers. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*.
Title | | Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service, Core Libraries, Persistence Service) allows Overflow Buffers.
First Time appeared | | Rti; Rti connext Professional
Weaknesses | | CWE-787
CPEs | | cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*
Vendors & Products | | Rti; Rti connext Professional
References | |
Metrics | | cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: RTI

Published:

Updated: 2026-06-17T17:57:49.845Z

Reserved: 2026-02-18T10:33:04.882Z

Link: CVE-2026-2674

Vulnrichment

Updated: 2026-06-17T17:57:43.948Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T18:45:03Z

Weaknesses