PT-2026-37443 · Keylime · Keylime

Published 2026-05-06 · Updated 2026-05-14 · CVE-2026-6420

CVSS v3.1: 6.3 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: Keylime (affected versions not specified)
Description: A flaw in the Keylime verifier allows an attacker with root access on an enrolled monitored machine to bypass security. For Trusted Platform Module (TPM) quote attestation, the process by which the verifier checks the integrity of a system, the verifier uses a hardcoded challenge nonce instead of a cryptographically random value. Because the nonce never changes, an attacker can stockpile valid TPM quotes while the machine is still in a trusted state and replay them after compromising it, so the compromise goes undetected. This issue specifically affects the push model deployment.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
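The following is an added illustration, not Keylime's code: a minimal model of a verifier that issues a challenge nonce and checks that a quote is bound to it. The TPM attestation key is modelled by a constructed HMAC key so the example runs without a TPM, and only nonce binding is modelled (a real verifier also checks the attestation key signature, the quote structure and the PCR values against policy). It shows that with a hardcoded nonce a stale quote is still accepted, whereas a fresh random nonce per request rejects it.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed stand-in for the TPM attestation key (hypothetical, not a real key).
AK_KEY = b"constructed-example-attestation-key"


def tpm_quote(pcr_digest: bytes, nonce: bytes) -> bytes:
    """Model of a TPM quote: a MAC over the PCR digest bound to the challenge nonce."""
    return hmac.new(AK_KEY, pcr_digest + nonce, hashlib.sha256).digest()


class Verifier:
    """Model verifier. fixed_nonce=None means a fresh random nonce per challenge."""

    def __init__(self, fixed_nonce: Optional[bytes] = None) -> None:
        self._fixed_nonce = fixed_nonce
        self._pending: Dict[str, bytes] = {}  # agent id -> outstanding nonce

    def challenge(self, agent_id: str) -> bytes:
        nonce = self._fixed_nonce if self._fixed_nonce is not None else secrets.token_bytes(20)
        self._pending[agent_id] = nonce
        return nonce

    def verify(self, agent_id: str, pcr_digest: bytes, quote: bytes) -> bool:
        nonce = self._pending.pop(agent_id, None)  # each nonce is consumed once
        if nonce is None:
            return False  # no outstanding challenge for this agent
        return hmac.compare_digest(tpm_quote(pcr_digest, nonce), quote)


def stale_quote_accepted(fixed_nonce: Optional[bytes]) -> bool:
    """Return True if a quote captured in a trusted state still verifies later."""
    verifier = Verifier(fixed_nonce)
    good_pcr = hashlib.sha256(b"constructed known-good boot measurements").digest()
    # First attestation: the host is still trustworthy and answers honestly.
    first_nonce = verifier.challenge("host-1")
    stored_quote = tpm_quote(good_pcr, first_nonce)
    assert verifier.verify("host-1", good_pcr, stored_quote)
    # Later attestation: the verifier issues a new challenge, but only the old
    # quote (with the old, known-good PCR digest) is presented again.
    verifier.challenge("host-1")
    return verifier.verify("host-1", good_pcr, stored_quote)


if __name__ == "__main__":
    print("hardcoded nonce, stale quote accepted:", stale_quote_accepted(b"fixed-nonce"))
    print("random nonce, stale quote accepted:", stale_quote_accepted(None))
```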

Weakness Enumeration

Related Identifiers

CVE-2026-6420
GHSA-Q8W6-W55C-CCV5
GHSA-WC6P-4GWJ-JCR8
OPENSUSE-SU-2026:10779-1

Affected Products

Keylime