Home > Vulnerability Database > CVE-2026-21439

Mend.io Vulnerability Database

CVE-2026-21439

Good to know:

Date: January 5, 2026

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys (both --dkim and --dkim-dns), SSH keys (--ssh-lines mode), and filenames in various modes. This issue is fixed in version 0.0.16.

Severity Score

4.0

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-21439

Url: https://github.com/badkeys/badkeys

Url: https://github.com/badkeys/badkeys/issues/40

Url: https://github.com/badkeys/badkeys/commit/de631f69f040974bb5fb442cdab9a1d904c64087

Url: https://github.com/badkeys/badkeys/commit/635a2f3b1b50a895d8b09ec8629efc06189f349a

Url: https://github.com/badkeys/badkeys/security/advisories/GHSA-wjpc-4f29-83h3

Url: https://www.mend.io/vulnerability-database/CVE-2026-21439

Severity Score

4.0

Weakness Type (CWE)

Improper Neutralization of Escape, Meta, or Control Sequences

CWE-150

Top Fix

Upgrade Version

Upgrade to version badkeys - 0.0.16;https://github.com/badkeys/badkeys.git - v0.0.16

Learn More

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-21439

Good to know:

Date: January 5, 2026

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?