Medium severity6.3NVD Advisory· Published May 6, 2026· Updated May 7, 2026

CVE-2026-6420

Description

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
keylimePyPI	>= 7.14.0, < 7.14.2	7.14.2

Affected products

Keylime/Keylimeinferred

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-q8w6-w55c-ccv5ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2026-6420ghsaADVISORY
access.redhat.com/security/cve/CVE-2026-6420nvdWEB
bugzilla.redhat.com/show_bug.cginvdWEB
github.com/keylime/keylime/security/advisories/GHSA-q8w6-w55c-ccv5ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000