Description
Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*.
Published: 2026-06-17
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out-of-bounds read flaw in the core libraries of RTI Connext Professional permits an attacker to read data beyond the intended buffer limits, which can expose sensitive information stored in memory such as secrets or credentials. This weakness is classified as CWE‑125 and can lead to confidential data leakage without requiring code execution.

Affected Systems

The vulnerability affects RTI Connext Professional deployments across several major releases: 7.4.0 up to, but not including, 7.7.0; 7.0.0 up to, but not including, 7.3.1.3; 6.1.0 through all 6.1.x releases; 6.0.0 through all 6.0.x releases; 5.3.0 through all 5.3.x releases; and 5.0.0 through all 5.2.x releases.

Risk and Exploitability

The CVSS score of 8.2 indicates high severity, while the EPSS score of less than 1% signals a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation requires access to the same process memory or a privilege level that allows memory probing. The resulting information disclosure makes it a significant risk for environments that handle sensitive data within Connext services.

Generated by OpenCVE AI on June 18, 2026 at 19:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest unaffected release such as 7.7.0 or newer, or the corresponding newer minor release in the 7.3.x, 6.1.x, 6.0.x, 5.3.x, or 5.2.x series.
  • Limit access to the Connext services by restricting network connections and operating‑system accounts to trusted administrators only, minimizing the potential attack surface.
  • Increase monitoring of application logs for unexpected memory access failures or crashes, and investigate any anomalies that could signal an attempted exploitation of the out‑of‑bounds read.

Generated by OpenCVE AI on June 18, 2026 at 19:22 UTC.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*. |
| Title | | Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers. |
| First Time appeared | | Rti; Rti connext Professional |
| Weaknesses | | CWE-125 |
| CPEs | | `cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Rti; Rti connext Professional |
| References | | |
| Metrics | | cvssV4_0: `{'score': 8.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:L/SA:H'}`; ssvc: `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


MITRE

Status: PUBLISHED

Assigner: RTI

Published:

Updated: 2026-06-17T18:01:16.597Z

Reserved: 2026-03-10T17:09:23.192Z

Link: CVE-2026-3894

Vulnrichment

Updated: 2026-06-17T18:01:10.707Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T20:30:05Z

Weaknesses