CVE•Published 2026-02-06•Modified 2026-06-27•1 article on news•6 live references•NVD data
CVE-2026-1709Redhat · Enterprise_linux
Vulnerability data via NVD (ingested)
CVSS v3.1
9.4
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
EPSS percentile
92
Exploit Prediction Scoring System · top 8% of all CVEs
Weaknesses (CWE)
Description
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
Timeline
Published 2026-02-06
Modified 2026-06-27
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan · vuln tag0 hosts
vuln:CVE-2026-1709Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · OS
os:"Enterprise Linux"Hosts Shodan identified as running Enterprise Linux.
More intel sources (5)
Shodan report
vuln:CVE-2026-1709Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-1709Censys host search filtered to this CVE id.
grep.app
CVE-2026-1709Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-1709GitHub code search for direct mentions.
Google dork
"CVE-2026-1709" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (6)
CVE-2026-17096 repos
superiorlu/AITreasureBoxRuby
🤖 Automatically collected AI repos, tools, websites, papers & tutorials. 实用AI百宝箱 💎
Ostorlab/KEVunknown
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
wesmar/kvcC++
KVC enables unsigned driver loading via DSE bypass (g_CiOptions patch, skci.dll hijack, SeCiCallbacks redirection) and PP/PPL manipulation for LSASS memory dumping on modern Window…
axpdev-lab/aeroftpRust
AeroFTP is a Cross-platform desktop client for FTP, FTPS, SFTP, WebDAV, S3-compatible storage, GitHub, and Cloud providers, built with Rust 🦀 (Tauri) + React
tycloud97/awesome-starsunknown
A curated list of my GitHub stars by stargazed
maxgfr/awesome-starsunknown
List of repositories that I liked on Github