Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2026-1709

Опубликовано: 06 фев. 2026
Источник: nvd
CVSS3: 9.4
CVSS3: 9.8
EPSS Низкий

Описание

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*
Версия до 7.12.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*

EPSS

Процентиль: 11%
0.00038
Низкий

9.4 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-322
NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2026-1709

CVSS3: 9.4
ubuntu
около 2 месяцев назад

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

redhat логотип

CVE-2026-1709

CVSS3: 9.4
redhat
около 2 месяцев назад

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

rocky логотип

RLSA-2026:2225

rocky
около 2 месяцев назад

Critical: keylime security update

rocky логотип

RLSA-2026:2224

rocky
около 2 месяцев назад

Critical: keylime security update

github логотип

GHSA-4jqp-9qjv-57m2

CVSS3: 9.4
github
около 2 месяцев назад

Keylime Missing Authentication for Critical Function and Improper Authentication

EPSS

Процентиль: 11%
0.00038
Низкий

9.4 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-322
NVD-CWE-noinfo