Description

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

INFO

Published Date :

2026-02-06T19:13:27.695Z

Last Modified :

2026-03-05T21:48:12.328Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2026-1709 vulnerability.

Vendors Products
Keylime
  • Keylime
Redhat
  • Enterprise Linux
  • Enterprise Linux Eus
  • Enterprise Linux For Arm 64
  • Enterprise Linux For Arm 64 Eus
  • Enterprise Linux For Ibm Z Systems
  • Enterprise Linux For Ibm Z Systems Eus
  • Enterprise Linux For Power Little Endian
  • Enterprise Linux For Power Little Endian Eus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-1709.

URL Resource
https://access.redhat.com/errata/RHSA-2026:2224 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:2225 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:2298 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2026-1709 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2435514 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-1709 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-1709 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact