Vulnerability Description
badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys (both --dkim and --dkim-dns), SSH keys (--ssh-lines mode), and filenames in various modes. This issue is fixed in version 0.0.16.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Badkeys | Badkeys | < 0.0.16 |
Related Weaknesses (CWE)
References
- https://github.com/badkeys/badkeys/commit/635a2f3b1b50a895d8b09ec8629efc06189f34Patch
- https://github.com/badkeys/badkeys/commit/de631f69f040974bb5fb442cdab9a1d904c640Patch
- https://github.com/badkeys/badkeys/issues/40ExploitIssue TrackingThird Party Advisory
- https://github.com/badkeys/badkeys/security/advisories/GHSA-wjpc-4f29-83h3Third Party Advisory
- https://github.com/badkeys/badkeys/issues/40ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2026-21439?
CVE-2026-21439 is a vulnerability with a CVSS score of 5.3 (MEDIUM). badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical...
How severe is CVE-2026-21439?
CVE-2026-21439 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-21439?
Check the references section above for vendor advisories and patch information. Affected products include: Badkeys Badkeys.