PatchSiren cyber security CVE debrief
CVE-2026-2675 RTI CVE debrief
A Missing Authentication for Critical Function vulnerability was found in RTI Connext Professional (Security Plugins). This issue allows an attacker to fake the source of data. The vulnerability affects Connext Professional versions from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, and from 5.3.0 before 5.3.*. The CVE record was published on 2026-06-17T18:17:42.707Z and last modified on 2026-06-17T20:20:10.920Z. The NVD entry is currently Undergoing Analysis.
- Vendor
- RTI
- Product
- Connext Professional
- CVSS
- MEDIUM 6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Users of RTI Connext Professional (Security Plugins) versions from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, and from 5.3.0 before 5.3.* should apply the necessary patches or mitigations. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the vulnerability and implement mitigations.
Technical summary
The CVE-2026-2675 vulnerability has a CVSS score of 6 and a MEDIUM severity. It was published on 2026-06-17T18:17:42.707Z and last modified on 2026-06-17T20:20:10.920Z. The vulnerability is caused by a Missing Authentication for Critical Function in RTI Connext Professional (Security Plugins), which allows an attacker to fake the source of data. The vulnerability affects Connext Professional versions from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, and from 5.3.0 before 5.3.*.
Defensive priority
Apply patches or mitigations provided by the vendor to address the Missing Authentication for Critical Function vulnerability. This should be prioritized for affected Connext Professional deployments.
Recommended defensive actions
- Inventory and assess the vulnerability of RTI Connext Professional (Security Plugins) instances.
- Apply patches or mitigations provided by RTI to address the vulnerability.
- Monitor for any suspicious activity related to the vulnerability.
- Implement compensating controls to mitigate the vulnerability.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-06-17T18:17:42.707Z and last modified on 2026-06-17T20:20:10.920Z. The NVD entry is currently Undergoing Analysis. The vulnerability affects Connext Professional versions from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, and from 5.3.0 before 5.3.*. Defenders should verify the affected scope and apply patches or mitigations provided by the vendor.
Official resources
-
CVE-2026-2675 CVE record
CVE.org
-
CVE-2026-2675 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
3f572a00-62e2-4423-959a-7ea25eff1638
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T18:17:42.707Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.