CRITICAL · 9.4

CVE-2026-1709

Vulnerability Description

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

CVSS Score

9.4

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Keylime | Keylime | < 7.12.0
Redhat | Enterprise Linux | 9.0
Redhat | Enterprise Linux Eus | 10.0
Redhat | Enterprise Linux For Arm 64 | 9.0_aarch64
Redhat | Enterprise Linux For Arm 64 Eus | 10.0_aarch64
Redhat | Enterprise Linux For Ibm Z Systems | 9.0_s390x
Redhat | Enterprise Linux For Ibm Z Systems Eus | 10.0_s390x
Redhat | Enterprise Linux For Power Little Endian | 9.0_ppc64le
Redhat | Enterprise Linux For Power Little Endian Eus | 10.0_ppc64le

Related Weaknesses (CWE)

References

FAQ

What is CVE-2026-1709?

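CVE-2026-1709 is an authentication bypass vulnerability in Keylime with a CVSS score of 9.4 (CRITICAL). The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. Unauthenticated clients with network access can therefore perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.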

How severe is CVE-2026-1709?

CVE-2026-1709 has been rated CRITICAL with a CVSS base score of 9.4/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-1709?

Check the references section above for vendor advisories and patch information. Affected products include: Keylime Keylime, Redhat Enterprise Linux, Redhat Enterprise Linux Eus, Redhat Enterprise Linux For Arm 64, Redhat Enterprise Linux For Arm 64 Eus.