RTI Connext Professional is used in safety-critical environments including defense systems, autonomous vehicles, medical devices, and industrial automation. A successful exploit could give an attacker control over the processes that operate these systems, with potential for physical disruption, production outages, or safety incidents beyond typical IT breaches. Organizations in regulated industries that use Connext in operational technology environments face both operational liability and potential regulatory scrutiny if exploitation leads to data loss or system compromise. Because exploitation requires no authentication and no user interaction, the window between public disclosure and active exploitation is short, which increases the urgency for organizations that cannot quickly isolate affected systems.
You Are Affected If
You run RTI Connext Professional Core Libraries in any version currently in production
RTI Connext Professional processes are reachable from untrusted network segments or the internet without DDS-specific traffic filtering
You operate RTI Connext Professional in OT, ICS, defense, aerospace, autonomous systems, or medical device environments where process compromise carries physical or safety consequences
You have not yet applied an official RTI/Wind River patch addressing CVE-2026-2467 — note: patch version is unconfirmed pending official advisory
Your vulnerability management process does not currently cover industrial middleware or embedded DDS platforms (gap in CIS 2.1 software inventory)
Board Talking Points
A critical, remotely exploitable vulnerability in RTI Connext Professional — middleware used in defense, industrial, and safety-critical systems — could allow an attacker to take control of affected processes without any credentials.
Security teams should immediately identify all RTI Connext deployments, isolate them from untrusted networks, and apply the official vendor patch as soon as RTI publishes confirmed remediation guidance.
Failure to act before exploit code becomes publicly available increases the risk of a targeted attack that could disrupt operations, trigger regulatory obligations, or cause physical system compromise in OT environments.
IEC 62443 — RTI Connext Professional is widely deployed in industrial control systems and SCADA environments directly subject to IEC 62443 security requirements for industrial automation and control systems
FDA 21 CFR Part 820 / Cybersecurity Guidance — RTI Connext DDS is used in medical device software architectures; a critical RCE vulnerability in device middleware may trigger FDA cybersecurity incident reporting obligations