Enterprise Linux For Ibm Z Systems
CVE-2026-1709
CRITICAL
Key Exchange without Entity Authentication (CWE-322)
GHSA-4jqp-9qjv-57m2
Authentication Bypass
Enterprise Linux For Ibm Z Systems
Enterprise Linux For Arm 64 Eus
Keylime
Enterprise Linux For Power Little Endian
Enterprise Linux Eus
Enterprise Linux For Ibm Z Systems Eus
Enterprise Linux For Power Little Endian Eus
Enterprise Linux
Enterprise Linux For Arm 64
Red Hat
Suse
9.4
CVSS 3.1 · NVD
Share
Severity by source
NVD
PRIMARY
9.4
CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
SUSE
CRITICAL
qualitative
Red Hat
9.4
CRITICAL
qualitative
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High
Lifecycle Timeline
3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 06, 2026 - 20:16 nvd
CRITICAL 9.4
DescriptionCVE.org
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
AnalysisAI
Keylime attestation framework since version 7.12.0 has a TLS authentication flaw where the registrar doesn't enforce client-side certificate validation.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Access
Connect to Keylime registrar without client certificate
Exploit
Bypass TLS authentication check
Execution
Execute administrative operations
Impact
Delete agents or exfiltrate TPM data
Access
Connect to Keylime registrar without client certificate
Exploit
Bypass TLS authentication check
Execution
Execute administrative operations
Impact
Delete agents or exfiltrate TPM data
Vulnerability AssessmentAI
| Exploitation | Keylime registrar version 7.12.0 or later with client-side TLS certificate authentication disabled or not enforced. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 9.4 — Keylime provides hardware-based attestation for cloud workloads. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker connects to the Keylime registrar without a valid client certificate, registering rogue agents or modifying attestation policies to allow compromised workloads. |
| Remediation | Update Keylime. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Keylime registrar deployments running v7.12.0 or later and document affected systems. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Vendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.70 Container suse/sl-micro/6.0/base-os-container:2.1.3-7.37 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.61 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.72 Container suse/sl-micro/6.0/toolbox:13.2-9.22 | Affected |
| Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.59 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.80 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.85 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.73 Image SL-Micro-Base Image SL-Micro-Base-RT Image SL-Micro-Base-RT-SelfInstall Image SL-Micro-Base-RT-encrypted Image SL-Micro-Base-SelfInstall Image SL-Micro-Base-encrypted Image SL-Micro-Base-qcow Image SL-Micro-Default Image SL-Micro-Default-SelfInstall Image SL-Micro-Default-encrypted Image SL-Micro-Default-qcow Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd | Affected |
| SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Linux Enterprise Server 16.0 | Affected |
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Proxy LTS 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Retail Branch Server LTS 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE Manager Server LTS 4.3 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).