Qualys Cloud Agent for Linux ARM Release 6.1.1

January 19, 2026

We are introducing the following new features and enhancements for this release of Linux ARM Cloud Agent.

Updated GPG Signing Key

We have updated the GPG Signing key for the Linux ARM Cloud Agent to SHA-256. The updated GPG signing key enhances the Cloud Agent package verification process by implementing the latest cryptography and modern security standards with SHA-256.

Cloud Agent installations and upgrades fail if a new SHA-256 GPG key is not imported on the Cloud Agent host, where security policies block the installation and upgrades with an outdated or unrecognized GPG keys, such as a SHA-1 GPG key.

To learn more about Package Integrity verification with the new GPG key, refer to the Cloud Agent Package Integrity.

FIPS-Compliant Build for RPM-based Systems

We are introducing the Federal Information Processing Standards (FIPS) compliant build for Qualys Cloud Agent on RPM-based operating systems.

This provides enhanced data integrity and interoperability with other security tools and systems. Additionally, with the FIPS-compliant build, the Qualys Cloud Agent meets regulatory requirements for managing sensitive information.

For more information about this new feature, refer to Qualys Cloud Agent Moves to FIPS-Compliant Build on RPM-Based Operating Systems.

Qualys Cloud Agent for Linux ARM 6.1.1 currently supports only the SHA-2 hashes for FIPS.

Behavior Changes

There are no behavior changes in this release.

Platform Coverage Support

No new platform coverage added in this release.

Issues Addressed

The following important and notable issues are fixed in this release:

Component/Category	Description
Untrusted Search Path Vulnerability	The shell scripts packaged with the Cloud Agent installer execute multiple system utilities without an absolute path or resetting a path to a safe value. This allows a malicious actor to place harmful files on your assets when the shell scripts are executed with elevated privileges. We have updated this behavior by setting up the fixed paths for shell script execution. This enhancement prevents the infiltration of malicious files on your assets and prevents you from any potential security threats. The updated shell script behavior also helps in mitigating the Untrusted Search Path Vulnerability (CWE-426).

Component/Category

Description

Untrusted Search Path Vulnerability

The shell scripts packaged with the Cloud Agent installer execute multiple system utilities without an absolute path or resetting a path to a safe value. This allows a malicious actor to place harmful files on your assets when the shell scripts are executed with elevated privileges.

We have updated this behavior by setting up the fixed paths for shell script execution. This enhancement prevents the infiltration of malicious files on your assets and prevents you from any potential security threats. The updated shell script behavior also helps in mitigating the Untrusted Search Path Vulnerability (CWE-426).

Known Issues, Limitations, and Workarounds

There are no known issues or limitations in this release.

Last updated: February, 2026