XXE in Rti Connext Professional

CVE-2026-4374

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data External Linking, D…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.000 (12.3th percentile) — read the EPSS interpretation.

Affected products

Rti Connext Professional — versions 7.4.0, 7.1.0, 6.1.0

Weakness classification (CWE)

CWE-611 — Improper Restriction of XML External Entity Reference (XXE)

References

www.rti.com/vulnerabilities/