CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

Configurations

Configuration 1

cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*

Configuration 2

OR
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*

History

05 Mar 2026, 20:58

Type Values Removed Values Added
CPE
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*

CWE
  • NVD-CWE-noinfo

First Time
  • Redhat enterprise Linux For Arm 64
  • Keylime
  • Keylime keylime
  • Redhat enterprise Linux For Ibm Z Systems Eus
  • Redhat
  • Redhat enterprise Linux For Power Little Endian
  • Redhat enterprise Linux For Power Little Endian Eus
  • Redhat enterprise Linux
  • Redhat enterprise Linux Eus
  • Redhat enterprise Linux For Ibm Z Systems
  • Redhat enterprise Linux For Arm 64 Eus

References
  • Removed: https://access.redhat.com/errata/RHSA-2026:2224
    Added: https://access.redhat.com/errata/RHSA-2026:2224 - Third Party Advisory
  • Removed: https://access.redhat.com/errata/RHSA-2026:2225
    Added: https://access.redhat.com/errata/RHSA-2026:2225 - Third Party Advisory
  • Removed: https://access.redhat.com/errata/RHSA-2026:2298
    Added: https://access.redhat.com/errata/RHSA-2026:2298 - Third Party Advisory
  • Removed: https://access.redhat.com/security/cve/CVE-2026-1709
    Added: https://access.redhat.com/security/cve/CVE-2026-1709 - Third Party Advisory
  • Removed: https://bugzilla.redhat.com/show_bug.cgi?id=2435514
    Added: https://bugzilla.redhat.com/show_bug.cgi?id=2435514 - Issue Tracking, Third Party Advisory

09 Feb 2026, 10:15

Type Values Removed Values Added
References
  • https://access.redhat.com/errata/RHSA-2026:2298

09 Feb 2026, 07:16

Type Values Removed Values Added
References
  • https://access.redhat.com/errata/RHSA-2026:2224
  • https://access.redhat.com/errata/RHSA-2026:2225

06 Feb 2026, 20:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-02-06 20:16

Updated : 2026-03-05 20:58


NVD link : CVE-2026-1709

Mitre link : CVE-2026-1709

CVE.ORG link : CVE-2026-1709



Products Affected

redhat

  • enterprise_linux_for_arm_64_eus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux
  • enterprise_linux_eus
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_for_arm_64
  • enterprise_linux_for_power_little_endian_eus

keylime

  • keylime

CWE

CWE-322: Key Exchange without Entity Authentication

NVD-CWE-noinfo