CVE-2026-1709

Published Feb 6, 2026

Last updated a day ago

CVSS critical 9.4

Firmware

Overview

Description: A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
Source: secalert@redhat.com
NVD status: Analyzed
Products: keylime, enterprise_linux, enterprise_linux_eus, enterprise_linux_for_arm_64, enterprise_linux_for_arm_64_eus, enterprise_linux_for_ibm_z_systems, enterprise_linux_for_ibm_z_systems_eus, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

secalert@redhat.com: CWE-322
nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "ACE3AA5F-45C3-4431-A917-7F9AC642C6BF",
            "versionEndExcluding": "7.12.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:10.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "34990D09-125F-48CA-B85E-9D9F0EB4BC07",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "39DBA47B-96D0-4EF3-A653-193B6BDCD795",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "15C78B63-6947-4580-BA46-8418C5FB10B7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
            "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*",
            "matchCriteriaId": "8492E227-C09E-4F51-8EAF-0F7BCCD41A16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*",
            "matchCriteriaId": "6D8456B7-F13F-4E74-B610-F1301B738A6C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "1FABD546-0E45-4A65-A2E5-50EC62B852E7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "189D490B-E674-4957-BD84-B0615A06FBF7",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References