Critical severityNVD Advisory· Published Feb 6, 2026· Updated Mar 5, 2026
Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication
CVE-2026-1709
Description
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
keylimePyPI | >= 7.12.0, < 7.12.2 | 7.12.2 |
keylimePyPI | >= 7.13.0, < 7.13.1 | 7.13.1 |
Affected products
16cpe:/a:redhat:enterprise_linux:9::appstream+ 1 more
- cpe:/a:redhat:enterprise_linux:9::appstreamrange: 0:7.12.1-11.el9_7.4
- cpe:/o:redhat:enterprise_linux:10.1range: 0:7.12.1-11.el10_1.4
- Red Hat/Red Hat Enterprise Linux 10.0 Extended Update Supportv5cpe:/o:redhat:enterprise_linux_eus:10.0Range: 0:7.12.1-2.el10_0.5
- ghsa-coords13 versionspkg:pypi/keylimepkg:rpm/almalinux/keylimepkg:rpm/almalinux/keylime-basepkg:rpm/almalinux/keylime-registrarpkg:rpm/almalinux/keylime-selinuxpkg:rpm/almalinux/keylime-tenantpkg:rpm/almalinux/keylime-toolspkg:rpm/almalinux/keylime-verifierpkg:rpm/almalinux/python3-keylimepkg:rpm/opensuse/keylime&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/keylime&distro=openSUSE%20Tumbleweedpkg:rpm/suse/keylime&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/keylime&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
>= 7.12.0, < 7.12.2+ 12 more
- (no CPE)range: >= 7.12.0, < 7.12.2
- (no CPE)range: < 7.12.1-11.el9_7.4
- (no CPE)range: < 7.12.1-11.el9_7.4
- (no CPE)range: < 7.12.1-11.el9_7.4
- (no CPE)range: < 7.12.1-11.el9_7.4
- (no CPE)range: < 7.12.1-11.el9_7.4
- (no CPE)range: < 7.12.1-11.el10_1.4
- (no CPE)range: < 7.12.1-11.el9_7.4
- (no CPE)range: < 7.12.1-11.el9_7.4
- (no CPE)range: < 7.14.0+0-160000.1.1
- (no CPE)range: < 7.14.0+0-1.1
- (no CPE)range: < 7.14.0+0-160000.1.1
- (no CPE)range: < 7.14.0+0-160000.1.1
Patches
Vulnerability mechanics
References
9- access.redhat.com/errata/RHSA-2026:2224ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2026:2225ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2026:2298ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-4jqp-9qjv-57m2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-1709ghsaADVISORY
- access.redhat.com/security/cve/CVE-2026-1709ghsavdb-entryx_refsource_REDHATWEB
- bugzilla.redhat.com/show_bug.cgighsaissue-trackingx_refsource_REDHATWEB
- github.com/keylime/keylime/security/advisories/GHSA-4jqp-9qjv-57m2ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/keylime/PYSEC-2026-74.yamlghsaWEB
News mentions
0No linked articles in our index yet.