CVE-2026-1709

EUVD-2026-5599
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.4 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
keylimekeylime
𝑥
< 7.12.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
redhatenterprise_linux_eus
10.0
redhatenterprise_linux_for_arm_64
9.0_aarch64:_aarch64
redhatenterprise_linux_for_arm_64
10.0_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
10.0_aarch64:_aarch64
redhatenterprise_linux_for_ibm_z_systems
9.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems
10.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
10.0_s390x:_s390x
redhatenterprise_linux_for_power_little_endian
9.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian
10.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
10.0_ppc64le:_ppc64le
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2026:2224
https://access.redhat.com/errata/RHSA-2026:2225
https://access.redhat.com/errata/RHSA-2026:2298
https://access.redhat.com/security/cve/CVE-2026-1709
https://bugzilla.redhat.com/show_bug.cgi?id=2435514