Transport Layer Security Vulnerability in Keylime Registrar by Keylime
CVE-2026-1709

9.4CRITICAL

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat Enterprise Linux 9
Vendor
CVE Published:
6 February 2026

What is CVE-2026-1709?

A significant flaw was discovered in the Keylime registrar, introduced in version 7.12.0, where client-side Transport Layer Security (TLS) authentication is not enforced. This oversight permits unauthenticated clients with network access to execute administrative tasks, such as listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, without the need to present a client certificate. The absence of necessary authentication presents severe risks to data integrity and security.

Affected Version(s)

Red Hat Enterprise Linux 10 0:7.12.1-11.el10_1.4

Red Hat Enterprise Linux 10.0 Extended Update Support 0:7.12.1-2.el10_0.5

Red Hat Enterprise Linux 9 0:7.12.1-11.el9_7.4

References

https://access.redhat.com/errata/RHSA-2026:2224
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2225
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2298
vendor-advisoryx_refsource_REDHAT

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.4
Severity:
CRITICAL
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.