CVE-2026-6420

🗓️ 06 May 2026 10:19:39Reported by redhatType

Keylime verifier uses hardcoded trusted platform module nonce, enabling attackers to replay quotes.

Reporter	Title	Published	Views	Family All 18
ATTACKERKB	CVE-2026-6420	6 May 202610:19	–	attackerkb
CNNVD	Keylime 安全漏洞	6 May 202600:00	–	cnnvd
Cvelist	CVE-2026-6420 Keylime: keylime: security bypass due to hardcoded tpm quote nonce	6 May 202610:19	–	cvelist
EUVD	EUVD-2026-27657	11 May 202614:42	–	euvd
Github Security Blog	Keylime has a hardcoded attestation challenge nonce that allows replay attacks	11 May 202614:42	–	github
Github Security Blog	Duplicate Advisory: Keylime has a hardcoded attestation challenge nonce that allows replay attacks	6 May 202612:30	–	github
NVD	CVE-2026-6420	6 May 202611:16	–	nvd
OPENSUSE Linux	keylime-config-7.14.2-1.1 on GA media (moderate)	16 May 202600:00	–	opensuse
OSV	GHSA-Q8W6-W55C-CCV5 Keylime has a hardcoded attestation challenge nonce that allows replay attacks	11 May 202614:42	–	osv
OSV	GHSA-WC6P-4GWJ-JCR8 Duplicate Advisory: Keylime has a hardcoded attestation challenge nonce that allows replay attacks	6 May 202612:30	–	osv

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "keylime",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "keylime",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2026-6420
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

07 May 2026 14:56Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.16.3

EPSS0.00016

SSVC

CWE-1241