CVE-2026-6420
is CVE-2026-6420real, exploitable, or a false positive? Here's the community verdict.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.
References
Published
Embed this verdict
[](https://www.truepositive.app/cve/CVE-2026-6420)<a href="https://www.truepositive.app/cve/CVE-2026-6420"><img src="https://www.truepositive.app/cve/CVE-2026-6420/badge.svg" alt="TruePositive verdict for CVE-2026-6420"></a>Live badge that updates automatically as the community verdict changes.
Community ground truth
In your experience, is this finding real and exploitable?
0 verdictsNo account needed. Anonymous verdicts post as an unverified signal. Log in to make yours verified and earn reputation.
Field notes & remediation
Verdicts are the quick signal. Notes are the evidence and fixes behind them.
No notes yet. Be the first to share what you saw, or a fix that worked.