CVE-2026-21439
badkeys vulnerable to ASCII control character injection on console via malformed input
描述
### Impact An attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the `badkeys` command-line tool. This impacts scanning DKIM keys (both `--dkim` and `--dkim-dns`), SSH keys (`--ssh-lines` mode), and filenames in various modes. ### Patches This has been fixed with the following commits: https://github.com/badkeys/badkeys/commit/de631f69f040974bb5fb442cdab9a1d904c64087 https://github.com/badkeys/badkeys/commit/635a2f3b1b50a895d8b09ec8629efc06189f349a All users should upgrade `badkeys` to version 0.0.16. ### Resources https://github.com/badkeys/badkeys/issues/40
如何修補 CVE-2026-21439
要修補 CVE-2026-21439,請將受影響套件升級到下列已修補版本。
- —升級至 0.0.16 或更新版本
CVE-2026-21439 正在被利用嗎?
低 — EPSS 為 0.0%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 0.0.16
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |