CVE-2026-1709

Name: CVE-2026-1709 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2026-1709

CRITICAL

CVSS v3.1: 9.4 · EPSS: 0.0575 (92.1 percentile)

EPSS highNetworkNo privilegesNo user interaction

Source data as of: 2026-06-28 05:02:15 UTC

At a glance

Severity: CRITICAL
CVSS: 9.4 v3.1 · NVD
EPSS: 0.0575 (92.1 percentile) · FIRST.org
CISA KEV: No
Attack conditions (CVSS vector): NetworkNo privilegesNo user interaction · Source: NVD Vector
Affected vendors: redhat, keylime
Published: 2026-02-06 · Modified: 2026-06-27
References: Jump to references (5)

CVSS / EPSS / KEV

CVSS v3.1 9.4 / 10 CRITICAL Source: NVD

EPSS 0.0575 92.1 percentile Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

Record details

CVE ID: CVE-2026-1709
CVSS (v3.1): 9.4 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Exploitability subscore: 3.9
Impact subscore: 5.5
EPSS: 0.0575 (92.1 percentile) — 2026-06-28
CISA KEV: No
Weakness (CWE): CWE-322
Affected vendors: redhat, keylime
Affected configurations (CPE): 13
Published: 2026-02-06
Modified: 2026-06-27
Status: Modified

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

← Back to all records

CVE-2026-1709

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same affected vendor

Published the same year