HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-2467Published Modified CNA RTI

CVE-2026-2467: Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.

Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*.

Metrics

CVSS v4.0
9.2
Severity
CRITICAL
Fixed in
5.2.*
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A heap-based buffer overflow exists in the Core Libraries of RTI Connext Professional, a widely deployed middleware used in real-time distributed systems. The flaw is reachable over the network without any authentication or user interaction, derived from the CVSS:4.0 vector (AV:N/PR:N/UI:N). Successful exploitation crashes the affected service and allows limited tampering with data in connected systems. A patched-image rebuild is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-2467 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle RTI Connext Professional Core Libraries. Any image in a customer registry or CI pipeline carrying an affected version (5.0.0 through pre-7.7.0 ranges as defined by the advisory) will surface in scan results automatically.

Available
Triage

Triage is available with a CVSS v4.0 score of 9.2 (Critical), and HarborGuard weights that score against each customer's per-environment compliance policy to prioritize routing. Findings are directed to the appropriate team inbox within each customer organization based on configured ownership rules, so the right engineers see this alert without manual triage overhead.

Available
Patch

A patched-image rebuild targeting the fix versions (5.2.*, 5.3.*, 6.0.*, 6.1.*, and 7.3.1.3 or later up to 7.7.0) becomes available on HarborGuard once the upstream fix is confirmed. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The vulnerable service must be reachable over the network; an attacker sends specially crafted messages to the Connext Professional endpoint without needing local access.

  • AuthenticationNot required

    No credentials or prior account access are needed; the overflow can be triggered by any unauthenticated network peer.

  • Victim interactionNot required

    No user action is required; the attacker interacts directly with the Connext Professional service.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental preconditions to succeed.

Blast Radius

  • Crashes the Connext Professional service, causing a denial of service for any application relying on that real-time data bus.
  • Allows limited modification of data values within the affected system (low integrity impact on the vulnerable component).
  • Propagates a high-availability impact to downstream or connected systems that depend on Connext data distribution (high availability impact on subsequent components).
  • Allows minor data tampering in connected downstream components (low integrity impact on subsequent components).

How HarborGuard Handles This

Available on HarborGuard: scanning for CVE-2026-2467 runs automatically across all registered images and pipelines, with no configuration required to enable detection. Where compliance policy permits auto-remediation, HarborGuard rebuilds the affected image at a patched version (targeting 7.7.0 for 7.4.x users, 7.3.1.3 for 7.0.x users, or the appropriate 5.x or 6.x fix branch), runs a regression test pass, and opens a pull request against the affected workload. For environments with auto-remediation enabled, the median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes. For customers who do not use auto-remediation, the finding appears in the HarborGuard dashboard with fix-version guidance so engineers can act on it directly. Given the critical CVSS score and zero-authentication exploit path, teams unable to patch immediately should consider network-policy controls that restrict access to Connext Professional endpoints to trusted peers only, reducing exposure while a patched image is prepared.

See how HarborGuard automates this

Fix available

5.2.*5.3.*6.0.*6.1.*7.3.1.37.7.0
Affected packages
  • RTI / Connext Professional
    < 7.7.0 (from 7.4.0) · < 7.3.1.3 (from 7.0.0) · < 6.1.* (from 6.1.0) · < 6.0.* (from 6.0.0) · < 5.3.* (from 5.3.0) · < 5.2.* (from 5.0.0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H
References