CVE Catalog

CVE-2026-4374

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

14th percentile — higher than 14% of all known CVEs

Summary

A vulnerability in RTI Connext Professional related to improper restriction of XML external entity references allows unauthorized data linking and external entity blowup in data serialization.

Risk Assessment

Organizations may be exposed to attacks that exploit this vulnerability for unauthorized data access or manipulation.

Recommendation

It is recommended to upgrade to a version of RTI Connext Professional that is not vulnerable to this issue to minimize risk.

Original NVD description (English source)

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Cloud Discovery Service, Recording Service, Routing Service, Queueing Service, Observability Collector) allows Serialized Data External Linking, Data Serialization External Entities Blowup.<p>This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.1.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.</p>

Vulnerability data from NVD (NIST) · CISA KEV · EPSS