CVE-2026-4374

Summary

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Cloud Discovery Service, Recording Service, Routing Service, Queueing Service, Observability Collector) allows Serialized Data External Linking, Data Serialization External Entities Blowup.<p>This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.1.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0., from 5.3.0 before 5.3..</p>

Affected Software

VendorProductVersion RangeStatus
RTIConnext Professional7.4.0 < 7.7.0affected
RTIConnext Professional7.1.0 < 7.3.1.1affected
RTIConnext Professional6.1.0 < 6.1.2.34affected
RTIConnext Professional6.0.0 < 6.0.*affected
RTIConnext Professional5.3.0 < 5.3.*affected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References