CVE-2026-1709
CRITICAL 9.4
Description
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
CVE Details
CVSS v3.1 Score: 9.4
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 2/6/2026
Last Modified: 3/5/2026
Source: nvd
Honeypot Sightings: 0
Affected Products
keylime:keylime
redhat:enterprise_linux
redhat:enterprise_linux_eus
redhat:enterprise_linux_for_arm_64
redhat:enterprise_linux_for_arm_64_eus
redhat:enterprise_linux_for_ibm_z_systems
redhat:enterprise_linux_for_ibm_z_systems_eus
redhat:enterprise_linux_for_power_little_endian
redhat:enterprise_linux_for_power_little_endian_eus
Weaknesses (CWE)
CWE-322
References
https://access.redhat.com/errata/RHSA-2026:2224 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:2225 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:2298 (secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2026-1709 (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2435514 (secalert@redhat.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.