CRITICAL🇵🇱 Wersja polska

CVE-2026-1709

CVSS 9.4v3.1pub. 2026-02-06upd. 2026-06-27

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
  • Keylime

    APP
    Keylime
    < 7.12.0
  • Red Hat Enterprise Linux

    OS
    Redhat
    10.09.0
  • Red Hat Enterprise Linux Eus

    OS
    Redhat
    10.0
  • Red Hat Enterprise Linux For Arm 64

    OS
    Redhat
    10.0_aarch649.0_aarch64
  • Red Hat Enterprise Linux For Arm 64 Eus

    OS
    Redhat
    10.0_aarch64
  • Red Hat Enterprise Linux For IBM Z Systems

    OS
    Redhat
    10.0_s390x9.0_s390x
  • Red Hat Enterprise Linux For IBM Z Systems Eus

    OS
    Redhat
    10.0_s390x
  • Red Hat Enterprise Linux For Power Little Endian

    OS
    Redhat
    10.0_ppc64le9.0_ppc64le
  • Red Hat Enterprise Linux For Power Little Endian Eus

    OS
    Redhat
    10.0_ppc64le
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2019-5544CRITICAL9.8⚠ KEVten sam produkt

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the s...

CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...