9.8
CVE-2026-1709
- EPSS 0.04%
- Veröffentlicht 06.02.2026 19:13:27
- Zuletzt bearbeitet 05.03.2026 20:58:02
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginA flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version10.0
Redhat ≫ Enterprise Linux Eus Version10.0
Redhat ≫ Enterprise Linux For Arm 64 Version9.0_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Version10.0_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Eus Version10.0_aarch64
Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Version10.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version10.0_s390x
Redhat ≫ Enterprise Linux For Power Little Endian Version9.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Version10.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version10.0_ppc64le
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.111 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| secalert@redhat.com | 9.4 | 3.9 | 5.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
|
CWE-322 Key Exchange without Entity Authentication
The product performs a key exchange with an actor without verifying the identity of that actor.