Medium severity (6.3) · NVD Advisory · Published May 6, 2026 · Updated May 7, 2026
CVE-2026-6420
Description
A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.
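To make the failure mode concrete, here is an added toy model of the attestation exchange the description refers to. It is not Keylime's code: the TPM, attestation key and PCR values are constructed stand-ins, and an HMAC over (nonce, PCR digest) replaces the TPM's signature. The same verifier is run twice, once with a hardcoded challenge nonce and once with a fresh single-use nonce per round, to show that only the fixed nonce lets a quote captured on a healthy host be accepted again after its PCRs have changed.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder values; none of these come from Keylime.
FIXED_NONCE = b"\x00" * 20                  # stands in for a hardcoded challenge
ATTESTATION_KEY = b"constructed-attestation-key"


def pcr_digest(pcrs: dict[int, bytes]) -> bytes:
    """Hash the PCR bank in index order, mimicking the digest a quote commits to."""
    h = hashlib.sha256()
    for idx in sorted(pcrs):
        h.update(idx.to_bytes(1, "big") + pcrs[idx])
    return h.digest()


class SimulatedTPM:
    """Agent-side stand-in for a TPM: 'signs' (nonce, PCR digest) with an HMAC."""

    def __init__(self, pcrs: dict[int, bytes]):
        self.pcrs = pcrs

    def quote(self, nonce: bytes) -> tuple[bytes, bytes, bytes]:
        digest = pcr_digest(self.pcrs)
        mac = hmac.new(ATTESTATION_KEY, nonce + digest, hashlib.sha256).digest()
        return nonce, digest, mac


class Verifier:
    """Checks quotes against a golden PCR digest; issues a fresh nonce per round when hardened."""

    def __init__(self, expected_digest: bytes, hardened: bool):
        self.expected_digest = expected_digest
        self.hardened = hardened
        self.outstanding: set[bytes] = set()    # nonces issued but not yet consumed

    def issue_nonce(self) -> bytes:
        if not self.hardened:
            return FIXED_NONCE                  # the flaw: the same challenge every round
        nonce = secrets.token_bytes(20)         # cryptographically random, per round
        self.outstanding.add(nonce)
        return nonce

    def verify(self, quote: tuple[bytes, bytes, bytes]) -> bool:
        nonce, digest, mac = quote
        expected_mac = hmac.new(ATTESTATION_KEY, nonce + digest, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected_mac):
            return False                        # not produced under the attestation key
        if self.hardened:
            if nonce not in self.outstanding:
                return False                    # unknown or already-consumed nonce: a replay
            self.outstanding.discard(nonce)     # single use
        elif nonce != FIXED_NONCE:
            return False
        return hmac.compare_digest(digest, self.expected_digest)


def replay_evades_detection(hardened: bool) -> bool:
    """True if a quote captured while the host was healthy is still accepted after its PCRs change."""
    healthy = {0: b"\x11" * 32, 1: b"\x22" * 32}    # constructed PCR contents
    tpm = SimulatedTPM(dict(healthy))
    verifier = Verifier(pcr_digest(healthy), hardened)

    # Round 1: host is healthy; the quote is accepted. With a fixed nonce it is now reusable.
    stockpiled = tpm.quote(verifier.issue_nonce())
    assert verifier.verify(stockpiled)

    # Round 2: PCR 0 changes, so the host no longer matches the golden values.
    tpm.pcrs[0] = b"\xff" * 32
    assert not verifier.verify(tpm.quote(verifier.issue_nonce()))   # an honest fresh quote fails

    # Round 3: the round-1 quote is presented instead of a fresh one.
    verifier.issue_nonce()                      # verifier opens a new attestation round
    return verifier.verify(stockpiled)


if __name__ == "__main__":
    print("fixed nonce, replay accepted:", replay_evades_detection(hardened=False))
    print("random nonce, replay accepted:", replay_evades_detection(hardened=True))
```

The detection-relevant point is in `Verifier.verify`: a quote is only as fresh as the challenge it was produced for, so the verifier must both generate an unpredictable nonce per round and refuse any quote whose nonce it did not issue for the current round. Checking the signature and the PCR digest alone, as the fixed-nonce path does, cannot distinguish a current quote from an old one.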
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| keylime (PyPI) | >= 7.14.0, < 7.14.2 | 7.14.2 |
Affected products
GHSA coordinates, 2 version ranges:
- (no CPE) range: >= 7.14.0, < 7.14.2
- (no CPE) range: < 7.14.2-1.1