CVE-2026-1709: A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

Affected

15 ranges

Vendor	Product	Version range	Fixed in
keylime	keylime	< 7.12.0	7.12.0
keylime	keylime	>= 7.12.0 < 7.12.2	7.12.2
keylime	keylime	>= 7.13.0 < 7.13.1	7.13.1
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_for_arm_64	—	—
redhat	enterprise_linux_for_arm_64	—	—
redhat	enterprise_linux_for_arm_64_eus	—	—
redhat	enterprise_linux_for_ibm_z_systems	—	—
redhat	enterprise_linux_for_ibm_z_systems	—	—
redhat	enterprise_linux_for_ibm_z_systems_eus	—	—
redhat	enterprise_linux_for_power_little_endian	—	—
redhat	enterprise_linux_for_power_little_endian	—	—
redhat	enterprise_linux_for_power_little_endian_eus	—	—