CVE-2026-1709
🟠 Łataj w tym tygodniu
Obejście uwierzytelnienia w Keylime pozwala nieautoryzowanym klientom na operacje administracyjne.
CVSS
9.4
EPSS
5.8%
Exploit
none
Vendor
redhat
Opis źródłowy (NVD)
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
auth-bypass
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.4 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 5.8% |
| Opublikowano (NVD) | 2026-02-06 20:16:09 UTC |
| Ostatnia modyfikacja (NVD) | 2026-06-27 05:16:42 UTC |
Referencje
- https://access.redhat.com/errata/RHSA-2026:2224 (secalert@redhat.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2026:2225 (secalert@redhat.com) [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2026:2298 (secalert@redhat.com) [Third Party Advisory]
- https://access.redhat.com/security/cve/CVE-2026-1709 (secalert@redhat.com) [Third Party Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=2435514 (secalert@redhat.com) [Issue Tracking, Third Party Advisory]
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1709.json (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)