CVE-2026-4374

CRITICAL

RTI Connext Professional Multiple Services - XXE

Title source: manual

Description

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat...

References (1)

Core 1

Scores

CVSS v3 9.1
EPSS 0.0024
EPSS Percentile 14.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-611
Status published
Products (6)
RTI/Connext Professional 5.3.0 - 5.3.*
RTI/Connext Professional 6.0.0 - 6.0.*
RTI/Connext Professional 6.1.0 - 6.1.*
RTI/Connext Professional 7.1.0 - 7.3.1.1
RTI/Connext Professional 7.4.0 - 7.7.0
rti/connext_professional 5.3.0 - 5.3.1.45
Published Apr 01, 2026
Tracked Since Apr 01, 2026