Keylime

This hub aggregates every CVE we track for Keylime, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Keylime.

• CVE-2026-1709Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication9.4Feb 6, 2026
• CVE-2025-13609Keylime: keylime: registrar allows identity takeover via duplicate uuid registration8.2Nov 24, 2025
• CVE-2025-1057Keylime: keylime registrar dos due to incompatible database entry handling4.3Mar 15, 2025
• CVE-2023-38201Keylime: challenge-response protocol bypass during agent registration6.5Aug 25, 2023
• CVE-2023-38200Keylime: registrar is subject to a dos against ssl connections7.5Jul 24, 2023
• CVE-2023-3674Keylime: attestation failure when the quote's signature does not validate2.3Jul 19, 2023
• CVE-2022-3500A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create erro...5.1Nov 22, 2022
• CVE-2022-23952In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable.7.5Sep 21, 2022
• CVE-2022-23951In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.5.5Sep 21, 2022
• CVE-2022-23950In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations.7.5Sep 21, 2022
• CVE-2022-23949In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.7.5Sep 21, 2022
• CVE-2021-43310A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remot...9.8Sep 21, 2022
• CVE-2022-23948A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to oth...7.5Sep 21, 2022
• CVE-2022-1053Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allo...9.1May 6, 2022
• CVE-2021-3406A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.9.8Feb 25, 2021