Duplicate Advisory: Keylime Missing Authentication for Critical Function and Improper Authentication

GHSA-27jc-jmp8-qfw5

Published Feb 6, 2026 · Modified Feb 9, 2026

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-4jqp-9qjv-57m2. This link is maintained to preserve external references.

Original Description

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-1709
WEB https://access.redhat.com/errata/RHSA-2026:2224
WEB https://access.redhat.com/errata/RHSA-2026:2225
WEB https://access.redhat.com/errata/RHSA-2026:2298
WEB https://access.redhat.com/security/cve/CVE-2026-1709
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2435514

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes