CVE-2026-1709
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authen
CVSS
9.4
Critical
EPSS
5.4%
p92
KEV
—
Exploit Today
28
0-100
Published: Feb 6, 2026 · Last modified: Jul 15, 2026 · CWE-322
5.4%EPSS · 30 days5.8%
2026-06-302026-07-16
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2224
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2225
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2298
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-1709
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2435514
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2224
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2225
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2298
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-1709
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2435514
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1709.json
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-580658.1 HIG37.1%
——11The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no` by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server (man-in-the-middle), capturing the SSH deploy key or injecting malicious repository content. Deployments that use the Git DAG bundle or Git provider to clone over SSH with a deploy key are affected. The fix changes the default to verify host keys; upgrade to apache-airflow-providers-git `0.4.1` or later and configure a `known_hosts` file.2dCVE-2025-139148.7 HIG22.3%
——7A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM
attacker to impersonate managed devices.
Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and capture user credentials.
This issue affects all versions of Apstra before 6.1.1.9d