CVE-2026-4374
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
A vulnerability in RTI Connext Professional related to improper restriction of XML external entity references allows unauthorized data linking and external entity blowup in data serialization.
Risk Assessment
Organizations may be exposed to attacks that exploit this vulnerability for unauthorized data access or manipulation.
Recommendation
It is recommended to upgrade to a version of RTI Connext Professional that is not vulnerable to this issue to minimize risk.
Original NVD description (English source)
Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Cloud Discovery Service, Recording Service, Routing Service, Queueing Service, Observability Collector) allows Serialized Data External Linking, Data Serialization External Entities Blowup.<p>This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.1.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.</p>

