CVE-2026-1709

Published: 06 Feb 2026
Source: redhat
CVSS3: 9.4
EPSS: Low

Description

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

Report

This is a Critical authentication bypass flaw in the Keylime registrar, affecting versions 7.12.0 and later. The registrar fails to enforce client-side TLS authentication, enabling unauthenticated clients with network access to perform administrative actions such as listing or deleting agents and retrieving TPM data. Exploitation requires direct network access to the registrar's HTTPS port (default 8891). Keylime packages shipped in RHEL-9.6 and earlier are not affected, as they never shipped the version which introduced this vulnerability.

Mitigation

Restrict network access to the Keylime registrar's HTTPS port (default 8891) to only trusted verifier and tenant hosts using firewall rules. Alternatively, deploy a reverse proxy (e.g., Nginx, HAProxy) in front of the registrar to enforce client certificate authentication. Ensure any changes to firewall rules or proxy configurations are reloaded or services are restarted for the mitigation to take effect.
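A practitioner applying the mitigation above wants a check that tells the two states apart: a registrar (or a reverse proxy in front of it) that answers an anonymous client, and one that refuses the connection at the TLS layer. The probe below is an added example for this advisory, not Keylime or Red Hat code. It opens a TLS connection without a client certificate, sends one HTTP request and classifies the outcome; the request path "/version" is an assumption made here (any path works, since the decision is made by the TLS layer). The local demo server in the same file stands in for an affected registrar and for a front end with client-certificate verification enabled, and generates its throwaway certificate with the openssl CLI, which is assumed to be installed.

```python
"""Probe whether an HTTPS endpoint serves clients that present no certificate.

Added example for CVE-2026-1709; not Keylime project code. Assumptions made
here: the request path "/version", and the openssl CLI for the demo cert.
"""
import os
import socket
import ssl
import subprocess
import tempfile
import threading


def probe_anonymous_client(host, port, cafile=None, path="/version", timeout=5.0):
    """Connect with no client certificate and return (verdict, detail).

    ACCEPTED    the server answered an HTTP request from a client with no cert
    REJECTED    the TLS layer refused the client (handshake failure, or under
                TLS 1.3 a certificate_required alert that only arrives after
                the client has already sent its request)
    UNREACHABLE connect or read timed out
    With cafile=None the server's own certificate is not verified: the probe
    tests what the server demands of the client, not what it presents.
    """
    if cafile:
        ctx = ssl.create_default_context(cafile=cafile)
    else:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    request = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(request)
                data = tls.recv(4096)
    except socket.timeout:
        return "UNREACHABLE", "timed out"
    except ssl.SSLError as exc:
        return "REJECTED", exc.reason or str(exc)
    except OSError as exc:
        return "REJECTED", str(exc)
    if data.startswith(b"HTTP/"):
        return "ACCEPTED", data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return "REJECTED", "connection closed without an HTTP response"


def make_demo_cert(directory):
    """Constructed throwaway self-signed certificate for the local demo only."""
    key = os.path.join(directory, "key.pem")
    cert = os.path.join(directory, "cert.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
         "-subj", "/CN=localhost", "-keyout", key, "-out", cert],
        check=True, capture_output=True)
    return cert, key


def _serve_one(listener, certfile, keyfile, require_client_cert):
    """Answer exactly one connection.

    require_client_cert=False mimics the affected registrar: any client is
    served. require_client_cert=True mimics a front end that verifies client
    certificates (ssl_verify_client on, in Nginx terms): a client that sends
    none is refused before any request is processed.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.load_verify_locations(certfile)  # demo trust anchor: our own cert
    try:
        conn, _ = listener.accept()
        with ctx.wrap_socket(conn, server_side=True) as tls:
            tls.recv(1024)
            tls.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok")
    except (ssl.SSLError, OSError):
        pass  # handshake refused; the client sees the alert or a closed socket


def run_demo(require_client_cert):
    """Start a one-shot local TLS server and probe it with no client cert."""
    with tempfile.TemporaryDirectory() as tmp:
        cert, key = make_demo_cert(tmp)
        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        listener.settimeout(10)
        port = listener.getsockname()[1]
        server = threading.Thread(
            target=_serve_one, args=(listener, cert, key, require_client_cert), daemon=True)
        server.start()
        verdict, detail = probe_anonymous_client("127.0.0.1", port)
        server.join(10)
        listener.close()
        return verdict, detail


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # probe a real endpoint, e.g. a registrar on port 8891
        print(probe_anonymous_client(sys.argv[1], int(sys.argv[2])))
    else:
        print("no client-cert enforcement:", run_demo(False))
        print("client-cert enforcement:   ", run_demo(True))
```

Run it as `python probe.py registrar.example 8891` before and after putting the firewall rule or the reverse proxy in place: ACCEPTED means an anonymous client still reaches the registrar's API, REJECTED means the TLS layer now turns it away. Note that the probe deliberately skips server-certificate verification unless a cafile is given, because a server that presents an untrusted certificate but still serves anonymous clients is exactly the condition being tested for.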

Additional information

Status: Critical
Weakness: CWE-322 (Key Exchange without Entity Authentication)
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2435514
keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication

EPSS: 0.00038 (11th percentile, Low)
CVSS3: 9.4 (Critical)

Related vulnerabilities

ubuntu (CVSS3: 9.4, about 2 months ago): same description as the Red Hat entry above.
nvd (CVSS3: 9.4, about 2 months ago): same description as the Red Hat entry above.
rocky (about 2 months ago, two entries): Critical: keylime security update
github (CVSS3: 9.4, about 2 months ago): Keylime Missing Authentication for Critical Function and Improper Authentication
