Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2026-1709

Опубликовано: 06 фев. 2026
Источник: nvd
CVSS3: 9.4
CVSS3: 9.8
EPSS Низкий

Описание

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*
Версия до 7.12.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*

EPSS

Процентиль: 11%
0.00038
Низкий

9.4 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-322
NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2026-1709

CVSS3: 9.4
ubuntu
2 месяца назад

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

redhat логотип

CVE-2026-1709

CVSS3: 9.4
redhat
2 месяца назад

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

suse-cvrf логотип

openSUSE-SU-2026:20398-1

suse-cvrf
29 дней назад

Security update for keylime

rocky логотип

RLSA-2026:2225

rocky
2 месяца назад

Critical: keylime security update

rocky логотип

RLSA-2026:2224

rocky
2 месяца назад

Critical: keylime security update

EPSS

Процентиль: 11%
0.00038
Низкий

9.4 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-322
NVD-CWE-noinfo