CVE Vulnerability Details :
CVE-2026-1709
PUBLISHED
Assigner: redhat
Assigner Org ID: 53f830b8-0a3f-465b-8143-3b8a9948e749
Published At: 06 Feb, 2026 | 19:13
Updated At: 05 Mar, 2026 | 21:48
CVE Numbering Authority (CNA)
Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

Affected Products
Vendor: Red Hat, Inc.
Product: Red Hat Enterprise Linux 10
Collection URL: https://access.redhat.com/downloads/content/package-browser/
Package Name: keylime
CPEs:
  • cpe:/o:redhat:enterprise_linux:10.1
Default Status: affected
Versions (Unaffected):
  • From 0:7.12.1-11.el10_1.4 before * (rpm)

Vendor: Red Hat, Inc.
Product: Red Hat Enterprise Linux 10.0 Extended Update Support
Collection URL: https://access.redhat.com/downloads/content/package-browser/
Package Name: keylime
CPEs:
  • cpe:/o:redhat:enterprise_linux_eus:10.0
Default Status: affected
Versions (Unaffected):
  • From 0:7.12.1-2.el10_0.5 before * (rpm)

Vendor: Red Hat, Inc.
Product: Red Hat Enterprise Linux 9
Collection URL: https://access.redhat.com/downloads/content/package-browser/
Package Name: keylime
CPEs:
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status: affected
Versions (Unaffected):
  • From 0:7.12.1-11.el9_7.4 before * (rpm)

Problem Types
Type: CWE
CWE ID: CWE-322
Description: Key Exchange without Entity Authentication
Metrics
Version: 3.1
Base score: 9.4
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Metrics Other Info
Red Hat severity rating
value: Critical
namespace: https://access.redhat.com/security/updates/classification/
Workarounds

Restrict network access to the Keylime registrar's HTTPS port (default 8891) to only trusted verifier and tenant hosts using firewall rules. Alternatively, deploy a reverse proxy (e.g., Nginx, HAProxy) in front of the registrar to enforce client certificate authentication. Ensure any changes to firewall rules or proxy configurations are reloaded or services are restarted for the mitigation to take effect.

Timeline
Event: Reported to Red Hat.
Date: 2026-01-30 00:00:00
Event: Made public.
Date: 2026-02-06 17:45:00
References
Hyperlink: https://access.redhat.com/errata/RHSA-2026:2224
Resource: vendor-advisory, x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:2225
Resource: vendor-advisory, x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:2298
Resource: vendor-advisory, x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-1709
Resource: vdb-entry, x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2435514
Resource: issue-tracking, x_refsource_REDHAT
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment