PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-2675 RTI CVE debrief

A Missing Authentication for Critical Function vulnerability was found in RTI Connext Professional (Security Plugins). This issue allows an attacker to fake the source of data. The vulnerability affects Connext Professional versions from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, and from 5.3.0 before 5.3.*. The CVE record was published on 2026-06-17T18:17:42.707Z and last modified on 2026-06-17T20:20:10.920Z. The NVD entry is currently Undergoing Analysis.

Vendor
RTI
Product
Connext Professional
CVSS
MEDIUM 6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Users of RTI Connext Professional (Security Plugins) versions from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, and from 5.3.0 before 5.3.* should apply the necessary patches or mitigations. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the vulnerability and implement mitigations.

Technical summary

The CVE-2026-2675 vulnerability has a CVSS score of 6 and a MEDIUM severity. It was published on 2026-06-17T18:17:42.707Z and last modified on 2026-06-17T20:20:10.920Z. The vulnerability is caused by a Missing Authentication for Critical Function in RTI Connext Professional (Security Plugins), which allows an attacker to fake the source of data. The vulnerability affects Connext Professional versions from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, and from 5.3.0 before 5.3.*.

Defensive priority

Apply patches or mitigations provided by the vendor to address the Missing Authentication for Critical Function vulnerability. This should be prioritized for affected Connext Professional deployments.

Recommended defensive actions

  • Inventory and assess the vulnerability of RTI Connext Professional (Security Plugins) instances.
  • Apply patches or mitigations provided by RTI to address the vulnerability.
  • Monitor for any suspicious activity related to the vulnerability.
  • Implement compensating controls to mitigate the vulnerability.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-06-17T18:17:42.707Z and last modified on 2026-06-17T20:20:10.920Z. The NVD entry is currently Undergoing Analysis. The vulnerability affects Connext Professional versions from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, and from 5.3.0 before 5.3.*. Defenders should verify the affected scope and apply patches or mitigations provided by the vendor.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T18:17:42.707Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.