Description
Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.*, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.
Published: 2026-06-17
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Missing Authentication for Critical Function vulnerability in RTI Connext Professional allows an unauthenticated attacker to impersonate legitimate users and access restricted functionality. This identity spoofing can lead to unauthorized control over distributed applications, potentially compromising confidentiality, integrity, and availability. The weakness is classified as CWE-306.

Affected Systems

RTI Connext Professional is affected across multiple major releases: from 7.4.0 up to, but not including, 7.7.0; from 7.0.0 up to, but not including, 7.3.*; from 6.1.0 up to, but not including, 6.1.*; from 6.0.0 up to, but not including, 6.0.*; and from 5.3.0 up to, but not including, 5.3.*.

Risk and Exploitability

The CVSS score of 6.1 indicates moderate severity, while the EPSS score of < 1% shows a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The attack vector is likely remote, involving unsecured interfaces or APIs that lack proper authentication checks. The risk remains moderate, but early mitigation is recommended to prevent potential identity spoofing scenarios.

Generated by OpenCVE AI on June 18, 2026 at 18:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor-released patch for RTI Connext Professional that fixes the missing authentication flaw
  • Verify that your installation is at version 7.7.0 or later, where the issue is resolved
  • Review system configuration to ensure security plugins enforce proper authentication and authorization

Generated by OpenCVE AI on June 18, 2026 at 18:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.*, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.
Title Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.
First Time appeared Rti
Rti connext Professional
Weaknesses CWE-306
CPEs cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*
Vendors & Products Rti
Rti connext Professional
References
Metrics cvssV4_0

{'score': 6.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Rti Connext Professional
cve-icon MITRE

Status: PUBLISHED

Assigner: RTI

Published:

Updated: 2026-06-17T17:59:38.181Z

Reserved: 2026-03-05T14:43:37.191Z

Link: CVE-2026-30799

cve-icon Vulnrichment

Updated: 2026-06-17T17:59:35.617Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T18:45:03Z

Weaknesses
  • CWE-306

    Missing Authentication for Critical Function