Description
Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.
Published: 2026-06-17
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing authentication check for a critical function in RTI Connext Professional allows an attacker to forge the source of data. Because the system does not verify the origin of the data, messages can be sent that appear to originate from a legitimate source, potentially leading to data integrity violations and unauthorized actions within the distributed system.

Affected Systems

The vulnerability affects RTI Connext Professional from version 7.4.0 up to but not including 7.7.0, from 7.0.0 up to but not including 7.3.1.3, from 6.1.0 up to but not including any 6.1.* release, from 6.0.0 up to but not including any 6.0.* release, and from 5.3.0 up to but not including any 5.3.* release.

Risk and Exploitability

The CVSS score of 6 indicates a medium severity. The EPSS score of less than 1% suggests a low probability of exploitation at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is inferred to be remote network access to the RTI Connext Professional instance, as the missing authentication would be exploitable over the network.

Generated by OpenCVE AI on June 18, 2026 at 18:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade or patch RTI Connext Professional to a version where the critical function enforces proper authentication, as described on the vendor advisory page.
  • If an immediate upgrade is not possible, restrict network access to RTI Connext Professional services with firewall or segmentation rules so that only trusted hosts can communicate with the endpoints.
  • Configure the security plugins to explicitly validate the source of incoming data and reject any messages that are not authenticated.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.\*, from 6.0.0 before 6.0.\*, from 5.3.0 before 5.3.\*. |
| Title | | Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data. |
| First Time appeared | | Rti; Rti connext Professional |
| Weaknesses | | CWE-306 |
| CPEs | | `cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Rti; Rti connext Professional |
| References | | |
| Metrics | | cvssV4_0: `{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}`; ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


MITRE

Status: PUBLISHED

Assigner: RTI

Published:

Updated: 2026-06-17T18:02:48.305Z

Reserved: 2026-02-18T10:34:04.994Z

Link: CVE-2026-2675

Vulnrichment

Updated: 2026-06-17T18:02:44.772Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T18:45:03Z

Weaknesses
  • CWE-306

    Missing Authentication for Critical Function