CVE-2026-1709NVD

Vulnerability Summary

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

Severity Level

CRITICAL(9.4)

Published Date

Feb 6, 2026

Last Modified

Mar 5, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.04%Probability

Root Weakness (CWE)

CWE-322: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityLow

IntegrityHigh

AvailabilityHigh

External References

https://access.redhat.com/errata/RHSA-2026:2224
https://access.redhat.com/errata/RHSA-2026:2225
https://access.redhat.com/errata/RHSA-2026:2298
https://access.redhat.com/security/cve/CVE-2026-1709
https://bugzilla.redhat.com/show_bug.cgi?id=2435514

Critical Alert 3 Active Exploits Detected Today

Critical Alert

CVE Watchtower

CVE-2026-1709NVD

Vulnerability Summary

External References