Improper Restriction of XML External Entity Reference in RTI Connext Professional
CVE-2026-4374

7 HIGH

Key Information:

Vendor: RTI
CVE Published: 1 April 2026

What is CVE-2026-4374?

The vulnerability in RTI Connext Professional allows attackers to exploit improper handling of XML external entity references, enabling unauthorized access to external resources and data manipulation. This can lead to serious security risks such as data serialization attacks and exposure of sensitive information across affected services including Routing Service, Observability Collector, Recording Service, Queueing Service, and Cloud Discovery Service.

Affected Version(s)

Connext Professional 7.4.0 < 7.7.0

Connext Professional 7.1.0 < 7.3.1.1

Connext Professional 6.1.0 < 6.1.*

CVSS V4

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
