PYSEC-2026-1489

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/keylime/PYSEC-2026-1489.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1489
Aliases
Published
2026-07-07T11:45:21.483576Z
Modified
2026-07-07T17:46:35.187805562Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Keylime's registrar vulnerable to Denial-of-service attack via a single open connection
Details

Impact

Keylime registrar is prone to a simple denial of service attack in which an adversary opens a connection to the TLS port (by default, port 8891) blocking further, legitimate connections. As long as the connection is open, the registrar is blocked and cannot serve any further clients (agents and tenants), which prevents normal operation. The problem does not affect the verifier.

Patches

Users should upgrade to release 7.4.0

References

Affected packages

PyPI / keylime

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.4.0

Affected versions

6.*
6.3.1
6.3.2
6.4.0
6.4.1
6.4.2
6.4.3
6.5.0
6.5.1
6.5.2
6.5.3
6.6.0
6.8.0
7.*
7.0.0
7.2.5
7.3.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/keylime/PYSEC-2026-1489.yaml"