HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-3894Published Modified CNA RTI

CVE-2026-3894: Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.

Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*.

Metrics

CVSS v4.0
9.2
Severity
CRITICAL
Fixed in
5.2.*
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An out-of-bounds read vulnerability exists in the Core Libraries of RTI Connext Professional, a middleware platform commonly used in real-time and safety-critical distributed systems. The flaw is reachable over the network without any authentication, meaning a remote attacker can trigger it by sending a crafted message. Successful exploitation gives the attacker limited write capability on the affected system and causes a high-impact disruption to availability, effectively crashing or destabilizing the service. A patched-image rebuild is available on HarborGuard for environments running any affected version of Connext Professional.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle RTI Connext Professional libraries.

Available
Triage

HarborGuard scores this CVE at 9.2 Critical using the CVSS v4.0 vector and surfaces it accordingly in each customer's triage queue, with per-environment compliance policy weighting applied to route the finding to the appropriate team inbox inside each customer organization.

Available
Patch

A patched-image rebuild targeting the fix versions (5.2.x, 5.3.x, 6.0.x, 6.1.x, and 7.3.1.3 or 7.7.0 for the relevant branch) becomes available on HarborGuard for any environment where an affected version is detected. For customers with auto-remediation enabled, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The vulnerable service is exposed over the network; an attacker must be able to send crafted packets to a reachable Connext Professional endpoint to trigger the overread.

  • AuthenticationNot required

    No credentials or session token are needed; the attacker can target the service as an unauthenticated remote party.

  • Victim interactionNot required

    No user action is required; the attacker sends a malformed message directly to the service without any social-engineering step.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environment-specific preconditions.

Blast Radius

  • Crashes or destabilizes the affected Connext Professional service, causing a high-severity loss of availability for any system depending on that middleware instance.
  • Allows the attacker limited modification of data in the local system scope, meaning some persisted or in-flight values can be tampered with during exploitation.
  • Downstream systems in the same distributed architecture that rely on Connext Professional for real-time data exchange inherit the availability disruption at high severity.
  • The out-of-bounds read itself may expose regions of process memory to the attacker, potentially leaking internal state used to craft further exploitation attempts.

How HarborGuard Handles This

Available on HarborGuard: detection fires within minutes of CVE publication for any image found to carry an affected version of RTI Connext Professional Core Libraries, including images built internally. Given the Critical (9.2) severity, this CVE is prioritized at the top of the triage queue and routed according to each environment's compliance policy. Patched-image rebuilds at the applicable fix versions (5.2.x, 5.3.x, 6.0.x, 6.1.x, 7.3.1.3, and 7.7.0) are available for affected environments. For customers who opt into auto-remediation, HarborGuard rebuilds the image at the appropriate fix version, executes the configured regression test suite, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for Critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where auto-remediation is not enabled, the finding surfaces in the customer's dashboard with remediation guidance and a direct reference to the upstream fix version for each affected branch.

See how HarborGuard automates this

Fix available

5.2.*5.3.*6.0.*6.1.*7.3.1.37.7.0
Affected packages
  • RTI / Connext Professional
    < 7.7.0 (from 7.4.0) · < 7.3.1.3 (from 7.0.0) · < 6.1.* (from 6.1.0) · < 6.0.* (from 6.0.0) · < 5.3.* (from 5.3.0) · < 5.2.* (from 5.0.0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H
References