CVE-2021-34426

Name of the Vulnerable Software and Affected Versions: Keybase Client for Windows versions prior to 5.6.0

Description: A vulnerability was discovered in the Keybase Client for Windows when a user executed the keybase git lfs-config command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on a user's local system.

Recommendations: For versions prior to 5.6.0, update to version 5.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Git repository to minimize the risk of exploitation. Avoid executing the keybase git lfs-config command on the command-line until the issue is resolved.