Cyber Resilience

CVE-2026-6420


Published: 06 May 2026

Modified: 24 June 2026
CVSS v3.1 score: 6.3 (vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L)
EPSS score: 0.0012 (2.2nd percentile)
Risk priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-6420 is a medium-severity Use of Predictable Algorithm in Random Number Generator (CWE-1241) vulnerability. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify Tools (T1685). It is ranked at the 2.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.


Vulnerability details

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.
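The replay described above reduces to a freshness failure: a quote is only evidence of the current PCR state if it is bound to a nonce the verifier chose for this attestation round. The following toy model, added here and not Keylime's code, stands in an HMAC for the TPM's attestation-key signature (a constructed key, not a real one) and shows that a quote stockpiled while the host was clean still passes when the verifier's nonce is a constant, and fails once the nonce is drawn fresh per round.

```python
import hashlib
import hmac
import secrets

# Constructed toy model: the "TPM" signs (nonce || PCR digest) with an HMAC key that
# stands in for the attestation key. A real TPM2_Quote is an asymmetric signature,
# but the freshness check the verifier must enforce is the same.
AK_SECRET = b"constructed-attestation-key"  # constructed placeholder, not a real key
GOLDEN_PCRS = hashlib.sha256(b"clean-boot-state").digest()      # expected measurements
TAMPERED_PCRS = hashlib.sha256(b"post-compromise-state").digest()  # measurements after tampering


def tpm_quote(pcr_digest: bytes, nonce: bytes) -> dict:
    """Produce a quote over the current PCR digest, bound to the verifier's nonce."""
    sig = hmac.new(AK_SECRET, nonce + pcr_digest, hashlib.sha256).digest()
    return {"nonce": nonce, "pcr_digest": pcr_digest, "sig": sig}


def quote_is_valid(quote: dict, expected_nonce: bytes) -> bool:
    """Verifier check: nonce must be the one issued for this round, signature must
    verify, and the attested PCR digest must match the golden value."""
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return False
    sig = hmac.new(AK_SECRET, quote["nonce"] + quote["pcr_digest"], hashlib.sha256).digest()
    if not hmac.compare_digest(sig, quote["sig"]):
        return False
    return hmac.compare_digest(quote["pcr_digest"], GOLDEN_PCRS)


def make_nonce(hardcoded: bool) -> bytes:
    """The CWE-1241 pattern (constant nonce) versus the fix (fresh random nonce per round)."""
    return b"constructed-fixed-nonce" if hardcoded else secrets.token_bytes(32)


def stale_quote_accepted(hardcoded: bool) -> bool:
    """Return True if a quote captured while the host was clean is still accepted
    in a later round after the PCRs have changed (i.e. the replay goes undetected)."""
    # Round 1: host is clean; the agent keeps a copy of the quote it produced.
    stockpiled = tpm_quote(GOLDEN_PCRS, make_nonce(hardcoded))
    assert quote_is_valid(stockpiled, stockpiled["nonce"])
    # Round 2: PCRs now reflect tampering. An honest quote fails; the agent replays
    # the stockpiled quote against the nonce the verifier issued for this round.
    nonce_now = make_nonce(hardcoded)
    assert not quote_is_valid(tpm_quote(TAMPERED_PCRS, nonce_now), nonce_now)
    return quote_is_valid(stockpiled, nonce_now)
```

The verifier-side fix is entirely in `make_nonce`: once the nonce is unpredictable and unique per attestation, a quote from an earlier round cannot satisfy the nonce check, so the changed PCR state is exposed.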


Related Threats

MITRE ATT&CK Enterprise Techniques

T1685 Disable or Modify Tools (Defense Impairment)
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

Hardcoded nonce enables TPM quote replay to bypass Keylime attestation and evade post-compromise detection.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0


Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
