CVE-2026-21439

Name of the Vulnerable Software and Affected Versions badkeys versions 0.0.15 and below

Description badkeys is a tool and library used for checking cryptographic public keys for known issues. In versions 0.0.15 and below, an attacker can inject content containing ASCII control characters, such as vertical tabs and ANSI escape sequences. This injection can lead to misleading output when using the badkeys command-line tool. This affects scanning DKIM keys (using both --dkim and --dkim-dns options), SSH keys (in --ssh-lines mode), and filenames in various modes.

Recommendations Update to version 0.0.16 or later.