CVE-2026-1709

Sažetak

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

Reference

https://access.redhat.com/errata/RHSA-2026:2224
https://access.redhat.com/errata/RHSA-2026:2225
https://access.redhat.com/errata/RHSA-2026:2298
https://access.redhat.com/security/cve/CVE-2026-1709
https://bugzilla.redhat.com/show_bug.cgi?id=2435514

CVSS

Base:	9.4
Impact:	5.5
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Zadnje važnije ažuriranje

05-03-2026 - 20:58

Objavljeno

06-02-2026 - 20:16