CVE-2026-2675 - Vulnerability Details - OpenCVE

Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00268.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Rti	Connext Professional

No data.

No data.

No data.

References

Link	Providers
https://www.rti.com/vulnerabilities/#cve-2026-2675

History

Thu, 18 Jun 2026 04:45:00 +0000

Type	Values Removed	Values Added
Description		Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3.*.
Title		Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.
First Time appeared		Rti Rti connext Professional
Weaknesses		CWE-306
CPEs		cpe:2.3:a:rti:connext_professional::::::::
Vendors & Products		Rti Rti connext Professional
References		https://www.rti.com/vulnerabilities/#cve-2026-2675
Metrics		cvssV4_0 `{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: RTI

Published: 2026-06-17T17:19:04.338Z

Updated: 2026-06-17T18:02:48.305Z

Reserved: 2026-02-18T10:34:04.994Z

Link: CVE-2026-2675

Vulnrichment

Updated: 2026-06-17T18:02:44.772Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2675", "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638", "state": "PUBLISHED", "assignerShortName": "RTI", "dateReserved": "2026-02-18T10:34:04.994Z", "datePublished": "2026-06-17T17:19:04.338Z", "dateUpdated": "2026-06-17T18:02:48.305Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Security Plugins"], "product": "Connext Professional", "packageName": "connext_professional", "packageURL": "pkg:generic/connext_professional", "vendor": "RTI", "versions": [{"lessThan": "7.7.0", "status": "affected", "version": "7.4.0", "versionType": "custom"}, {"lessThan": "7.3.1.3", "status": "affected", "version": "7.0.0", "versionType": "custom"}, {"lessThan": "6.1.*", "status": "affected", "version": "6.1.0", "versionType": "custom"}, {"lessThan": "6.0.*", "status": "affected", "version": "6.0.0", "versionType": "custom"}, {"lessThan": "5.3.*", "status": "affected", "version": "5.3.0", "versionType": "custom"}]}], "datePublic": "2026-06-12T16:21:43.715Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.<p>This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.</p>"}], "value": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*."}], "impacts": [{"capecId": "CAPEC-194", "descriptions": [{"lang": "en", "value": "CAPEC-194 Fake the Source of Data"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 6, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "Security Extensions Enabled"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638", "shortName": "RTI", "dateUpdated": "2026-06-17T17:19:04.338Z"}, "references": [{"url": "https://www.rti.com/vulnerabilities/#cve-2026-2675"}], "source": {"discovery": "UNKNOWN"}, "title": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.", "x_generator": {"engine": "RTI Lubna 1.17.6"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negated": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.4.0", "versionEndExcluding": "7.7.0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0.0", "versionEndExcluding": "7.3.1.3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.0", "versionEndExcluding": "6.1.*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0.0", "versionEndExcluding": "6.0.*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3.0", "versionEndExcluding": "5.3.*"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-17T18:02:42.712673Z", "id": "CVE-2026-2675", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T18:02:48.305Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2675", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-17T18:02:42.712673Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T18:02:44.772Z"}}], "cna": {"title": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-194", "descriptions": [{"lang": "en", "value": "CAPEC-194 Fake the Source of Data"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "Security Extensions Enabled"}]}], "affected": [{"vendor": "RTI", "modules": ["Security Plugins"], "product": "Connext Professional", "versions": [{"status": "affected", "version": "7.4.0", "lessThan": "7.7.0", "versionType": "custom"}, {"status": "affected", "version": "7.0.0", "lessThan": "7.3.1.3", "versionType": "custom"}, {"status": "affected", "version": "6.1.0", "lessThan": "6.1.*", "versionType": "custom"}, {"status": "affected", "version": "6.0.0", "lessThan": "6.0.*", "versionType": "custom"}, {"status": "affected", "version": "5.3.0", "lessThan": "5.3.*", "versionType": "custom"}], "packageURL": "pkg:generic/connext_professional", "packageName": "connext_professional", "defaultStatus": "unaffected"}], "datePublic": "2026-06-12T16:21:43.715Z", "references": [{"url": "https://www.rti.com/vulnerabilities/#cve-2026-2675"}], "x_generator": {"engine": "RTI Lubna 1.17.6"}, "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.", "supportingMedia": [{"type": "text/html", "value": "Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.<p>This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "cpeApplicability": [{"nodes": [{"negated": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "7.7.0", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "7.3.1.3", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.*", "versionStartIncluding": "6.1.0"}, {"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.0.*", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.3.*", "versionStartIncluding": "5.3.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "3f572a00-62e2-4423-959a-7ea25eff1638", "shortName": "RTI", "dateUpdated": "2026-06-17T17:19:04.338Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2675", "state": "PUBLISHED", "dateUpdated": "2026-06-17T18:02:48.305Z", "dateReserved": "2026-02-18T10:34:04.994Z", "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638", "datePublished": "2026-06-17T17:19:04.338Z", "assignerShortName": "RTI"}, "dataVersion": "5.2"}