CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

Configurations

Configuration 1

cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*

History

05 Mar 2026, 20:58

Type Values Removed Values Added
CWE
  • NVD-CWE-noinfo
First Time
  • Redhat
  • Redhat enterprise Linux For Arm 64
  • Redhat enterprise Linux For Power Little Endian
  • Redhat enterprise Linux For Ibm Z Systems
  • Redhat enterprise Linux For Power Little Endian Eus
  • Keylime
  • Redhat enterprise Linux Eus
  • Redhat enterprise Linux For Ibm Z Systems Eus
  • Redhat enterprise Linux For Arm 64 Eus
  • Keylime keylime
  • Redhat enterprise Linux
CPE
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*
References
  • Removed: () https://access.redhat.com/errata/RHSA-2026:2224 -
    Added: () https://access.redhat.com/errata/RHSA-2026:2224 - Third Party Advisory
  • Removed: () https://access.redhat.com/errata/RHSA-2026:2225 -
    Added: () https://access.redhat.com/errata/RHSA-2026:2225 - Third Party Advisory
  • Removed: () https://access.redhat.com/errata/RHSA-2026:2298 -
    Added: () https://access.redhat.com/errata/RHSA-2026:2298 - Third Party Advisory
  • Removed: () https://access.redhat.com/security/cve/CVE-2026-1709 -
    Added: () https://access.redhat.com/security/cve/CVE-2026-1709 - Third Party Advisory
  • Removed: () https://bugzilla.redhat.com/show_bug.cgi?id=2435514 -
    Added: () https://bugzilla.redhat.com/show_bug.cgi?id=2435514 - Issue Tracking, Third Party Advisory

09 Feb 2026, 10:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:2298 -

09 Feb 2026, 07:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:2224 -
  • () https://access.redhat.com/errata/RHSA-2026:2225 -

06 Feb 2026, 20:16

Type Values Removed Values Added
New CVE