Description
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow. This issue affects Connext Professional: from 7.4.0 before 7.*, from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1.*.
Published: 2026-06-17
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A classic buffer overflow flaw exists in the Web Integration Service component of RTI Connext Professional, caused by a buffer copy that does not check input size. This vulnerability can corrupt memory during filter processing, potentially allowing an attacker to inject arbitrary code or trigger a denial of service. The flaw is classified as CWE-120.

Affected Systems

The affected product is RTI Connext Professional. Vulnerable versions include all releases from 7.4.0 up to (but not including) 7.*, from 7.0.0 up to (but not including) 7.3.1.3, and from 6.1.2 up to (but not including) 6.1.*. Users of these releases should verify their current version against the specified ranges.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, while the EPSS score of less than 1% indicates a low estimated probability of exploitation as of the assessment date. The issue is not listed in CISA's KEV catalog. The attack vector is inferred to be remote network-based, as the flaw resides in the Web Integration Service, which communicates with external clients. Consequently, the risk is significant for environments that expose the Web Integration Service to untrusted networks.

Generated by OpenCVE AI on June 18, 2026 at 20:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor-supplied patch or upgrade RTI Connext Professional to a release that contains the fix for CVE-2026-7300.
  • If an immediate upgrade is not possible, isolate or remove the Web Integration Service from public networks and restrict incoming connections to a whitelisted set of trusted hosts.
  • Implement additional network segmentation or firewall rules to limit exposure of the vulnerable service, and monitor for anomalous traffic patterns that may indicate exploitation attempts.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type | Values Removed | Values Added
Description | | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow. This issue affects Connext Professional: from 7.4.0 before 7.*, from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1.*.
Title | | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.
First Time appeared | | Rti; Rti connext Professional
Weaknesses | | CWE-120
CPEs | | cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*
Vendors & Products | | Rti; Rti connext Professional
References | |
Metrics | | cvssV4_0: {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N'}
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: RTI

Published:

Updated: 2026-06-17T18:00:33.855Z

Reserved: 2026-04-28T11:35:56.277Z

Link: CVE-2026-7300

Vulnrichment

Updated: 2026-06-17T18:00:30.615Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T20:30:05Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')