CVE-2026-4374

CRITICAL

RTI Connext Professional Multiple Services - XXE

Title source: manual

Description

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat...

References (1)

Scores

CVSS v3 9.1
EPSS 0.0004
EPSS Percentile 10.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CWE
CWE-611
Status published
Products (6)
RTI/Connext Professional 5.3.0 - 5.3.*
RTI/Connext Professional 6.0.0 - 6.0.*
RTI/Connext Professional 6.1.0 - 6.1.*
RTI/Connext Professional 7.1.0 - 7.3.1.1
RTI/Connext Professional 7.4.0 - 7.7.0
rti/connext_professional 5.3.0 - 5.3.1.45
Published Apr 01, 2026
Tracked Since Apr 01, 2026