CVE-2026-1709
CRITICAL 9.4
Description
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
CVE Details
CVSS v3.1 score: 9.4
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/6/2026
Last modified: 3/5/2026
Source: nvd
Honeypot observations: 0
Affected products
keylime:keylime
redhat:enterprise_linux
redhat:enterprise_linux_eus
redhat:enterprise_linux_for_arm_64
redhat:enterprise_linux_for_arm_64_eus
redhat:enterprise_linux_for_ibm_z_systems
redhat:enterprise_linux_for_ibm_z_systems_eus
redhat:enterprise_linux_for_power_little_endian
redhat:enterprise_linux_for_power_little_endian_eus
Weaknesses (CWE)
CWE-322
References
https://access.redhat.com/errata/RHSA-2026:2224 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:2225 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:2298 (secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2026-1709 (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2435514 (secalert@redhat.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.