CVE-2026-1709

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.4 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H                                    

Vulnerability Description

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

Vulnerability Details

Published Date

February 06, 2026

Last Modified

February 09, 2026

CWE ID

CWE-322

Source

NVD

Vendor

pip

Product

keylime

External References

https://access.redhat.com/security/cve/CVE-2026-1709
https://bugzilla.redhat.com/show_bug.cgi?id=2435514

CVE-2026-1709

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment