{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T22:41:25.315","vulnerabilities":[{"cve":{"id":"CVE-2026-21439","sourceIdentifier":"security-advisories@github.com","published":"2026-01-06T00:15:49.027","lastModified":"2026-01-12T18:18:59.067","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys (both --dkim and --dkim-dns), SSH keys (--ssh-lines mode), and filenames in various modes. This issue is fixed in version 0.0.16."},{"lang":"es","value":"badkeys es una herramienta y biblioteca para verificar claves públicas criptográficas en busca de vulnerabilidades conocidas. En las versiones 0.0.15 e inferiores, un atacante podría inyectar contenido con caracteres de control ASCII como tabulaciones verticales, secuencias de escape ANSI, etc., que pueden generar una salida engañosa de la herramienta de línea de comandos badkeys. Esto afecta el escaneo de claves DKIM (tanto --dkim como --dkim-dns), claves SSH (modo --ssh-lines), y nombres de archivo en varios modos. Este problema está solucionado en la versión 0.0.16."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-150"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:badkeys:badkeys:*:*:*:*:*:python:*:*","versionEndExcluding":"0.0.16","matchCriteriaId":"AA459E08-D598-4832-942C-FF493A471141"}]}]}],"references":[{"url":"https://github.com/badkeys/badkeys/commit/635a2f3b1b50a895d8b09ec8629efc06189f349a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/badkeys/badkeys/commit/de631f69f040974bb5fb442cdab9a1d904c64087","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/badkeys/badkeys/issues/40","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/badkeys/badkeys/security/advisories/GHSA-wjpc-4f29-83h3","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/badkeys/badkeys/issues/40","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}}]}