Vulnerability-Lookup

SUSE-SU-2026:20912-1

Vulnerability from csaf_suse - Published: 2026-03-19 08:18 - Updated: 2026-03-19 08:18

Summary

Security update for keylime

Severity

Critical

Notes

Title of the patch: Security update for keylime

Description of the patch: This update for keylime fixes the following issues: - Update to version 7.14.0+0 (CVE-2026-1709, bsc#1257895): - CVE-2026-1709: Fixed an authentication bypass which may allow unauthorized administrative operations due to missing client-side TLS authentication. (bsc#1257895)

Patchnames: SUSE-SLES-16.0-412

CVE-2026-1709

9.4 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/s…	self
	https://www.suse.com/support/update/announcement/…	self
	https://lists.suse.com/pipermail/sle-security-upd…	self
	https://bugzilla.suse.com/1257895	self
	https://www.suse.com/security/cve/CVE-2026-1709/	self
	https://www.suse.com/security/cve/CVE-2026-1709	external
	https://bugzilla.suse.com/1257895	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for keylime",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for keylime fixes the following issues:\n\n- Update to version 7.14.0+0 (CVE-2026-1709, bsc#1257895):\n- CVE-2026-1709: Fixed an authentication bypass which may allow unauthorized administrative operations due to missing client-side TLS authentication. (bsc#1257895)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLES-16.0-412",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20912-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:20912-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620912-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:20912-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025103.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1257895",
        "url": "https://bugzilla.suse.com/1257895"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-1709 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-1709/"
      }
    ],
    "title": "Security update for keylime",
    "tracking": {
      "current_release_date": "2026-03-19T08:18:07Z",
      "generator": {
        "date": "2026-03-19T08:18:07Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:20912-1",
      "initial_release_date": "2026-03-19T08:18:07Z",
      "revision_history": [
        {
          "date": "2026-03-19T08:18:07Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "keylime-config-7.14.0+0-160000.1.1.noarch",
                "product": {
                  "name": "keylime-config-7.14.0+0-160000.1.1.noarch",
                  "product_id": "keylime-config-7.14.0+0-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "keylime-firewalld-7.14.0+0-160000.1.1.noarch",
                "product": {
                  "name": "keylime-firewalld-7.14.0+0-160000.1.1.noarch",
                  "product_id": "keylime-firewalld-7.14.0+0-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "keylime-logrotate-7.14.0+0-160000.1.1.noarch",
                "product": {
                  "name": "keylime-logrotate-7.14.0+0-160000.1.1.noarch",
                  "product_id": "keylime-logrotate-7.14.0+0-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "keylime-registrar-7.14.0+0-160000.1.1.noarch",
                "product": {
                  "name": "keylime-registrar-7.14.0+0-160000.1.1.noarch",
                  "product_id": "keylime-registrar-7.14.0+0-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "keylime-tenant-7.14.0+0-160000.1.1.noarch",
                "product": {
                  "name": "keylime-tenant-7.14.0+0-160000.1.1.noarch",
                  "product_id": "keylime-tenant-7.14.0+0-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch",
                "product": {
                  "name": "keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch",
                  "product_id": "keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "keylime-verifier-7.14.0+0-160000.1.1.noarch",
                "product": {
                  "name": "keylime-verifier-7.14.0+0-160000.1.1.noarch",
                  "product_id": "keylime-verifier-7.14.0+0-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python313-keylime-7.14.0+0-160000.1.1.noarch",
                "product": {
                  "name": "python313-keylime-7.14.0+0-160000.1.1.noarch",
                  "product_id": "python313-keylime-7.14.0+0-160000.1.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server 16.0",
                  "product_id": "SUSE Linux Enterprise Server 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16:16.0:server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP applications 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP applications 16.0",
                  "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "keylime-config-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:keylime-config-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "keylime-config-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "keylime-firewalld-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "keylime-firewalld-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "keylime-logrotate-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "keylime-logrotate-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "keylime-registrar-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:keylime-registrar-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "keylime-registrar-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "keylime-tenant-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:keylime-tenant-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "keylime-tenant-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "keylime-verifier-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:keylime-verifier-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "keylime-verifier-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-keylime-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:python313-keylime-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "python313-keylime-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "keylime-config-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "keylime-config-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "keylime-firewalld-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "keylime-firewalld-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "keylime-logrotate-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "keylime-logrotate-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "keylime-registrar-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "keylime-registrar-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "keylime-tenant-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "keylime-tenant-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "keylime-verifier-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "keylime-verifier-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-keylime-7.14.0+0-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.14.0+0-160000.1.1.noarch"
        },
        "product_reference": "python313-keylime-7.14.0+0-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-1709",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-1709"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:keylime-config-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:keylime-registrar-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:keylime-tenant-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:keylime-verifier-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:python313-keylime-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.14.0+0-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.14.0+0-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-1709",
          "url": "https://www.suse.com/security/cve/CVE-2026-1709"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1257895 for CVE-2026-1709",
          "url": "https://bugzilla.suse.com/1257895"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:keylime-config-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:keylime-registrar-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:keylime-tenant-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:keylime-verifier-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:python313-keylime-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.14.0+0-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:keylime-config-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:keylime-firewalld-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:keylime-logrotate-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:keylime-registrar-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:keylime-tenant-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:keylime-verifier-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:python313-keylime-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-config-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-firewalld-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-logrotate-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-registrar-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tenant-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-tpm_cert_store-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:keylime-verifier-7.14.0+0-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:python313-keylime-7.14.0+0-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-19T08:18:07Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-1709"
    }
  ]
}

CVE-2026-1709 (GCVE-0-2026-1709)

Vulnerability from cvelistv5 – Published: 2026-02-06 19:13 – Updated: 2026-03-05 21:48

Title

Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication

Summary

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

Severity ?

9.4 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CWE

CWE-322 - Key Exchange without Entity Authentication

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2026:2224	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:2225	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:2298	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2026-1709	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2435514	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 10

Unaffected: 0:7.12.1-11.el10_1.4 , < * (rpm)
cpe:/o:redhat:enterprise_linux:10.1

	Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	Unaffected: 0:7.12.1-2.el10_0.5 , < * (rpm) cpe:/o:redhat:enterprise_linux_eus:10.0
	Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:7.12.1-11.el9_7.4 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream

Date Public ?

2026-02-06 17:45

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1709",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-06T19:38:04.458253Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-06T19:38:39.749Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "keylime",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.12.1-11.el10_1.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "keylime",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.12.1-2.el10_0.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "keylime",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.12.1-11.el9_7.4",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2026-02-06T17:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Critical"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-322",
              "description": "Key Exchange without Entity Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T21:48:12.328Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:2224",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:2224"
        },
        {
          "name": "RHSA-2026:2225",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:2225"
        },
        {
          "name": "RHSA-2026:2298",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:2298"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-1709"
        },
        {
          "name": "RHBZ#2435514",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435514"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-01-30T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-02-06T17:45:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication",
      "workarounds": [
        {
          "lang": "en",
          "value": "Restrict network access to the Keylime registrar\u0027s HTTPS port (default 8891) to only trusted verifier and tenant hosts using firewall rules. \nAlternatively, deploy a reverse proxy (e.g., Nginx, HAProxy) in front of the registrar to enforce client certificate authentication. \nEnsure any changes to firewall rules or proxy configurations are reloaded or services are restarted for the mitigation to take effect."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-322: Key Exchange without Entity Authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-1709",
    "datePublished": "2026-02-06T19:13:27.695Z",
    "dateReserved": "2026-01-30T17:00:54.761Z",
    "dateUpdated": "2026-03-05T21:48:12.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:20912-1

CVE-2026-1709 (GCVE-0-2026-1709)

Tags

Sightings

Nomenclature