What is the CVSS score of CVE-2026-21439?

CVE-2026-21439 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of SSH are affected by CVE-2026-21439?

Organizations using badkeys should be aware of moderate risk from CVE-2026-21439 rated CVSS 5.3. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2026-21439?

Yes, a public proof-of-concept exploit is available for CVE-2026-21439. Prioritise patching immediately. EPSS: 0.0%.

SSH CVE-2026-21439

MEDIUM

Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150)

2026-01-06 security-advisories@github.com

GHSA-wjpc-4f29-83h3

SSH Badkeys

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 12, 2026 - 18:18 vuln.today

Public exploit code

Patch released

Jan 12, 2026 - 18:18 nvd

Patch available

CVE Published

Jan 06, 2026 - 00:15 nvd

MEDIUM 5.3

DescriptionNVD

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys (both --dkim and --dkim-dns), SSH keys (--ssh-lines mode), and filenames in various modes. This issue is fixed in version 0.0.16.

AnalysisAI

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. [CVSS 5.3 MEDIUM]

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-21439 vulnerability details – vuln.today

Back

SSH CVE-2026-21439

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code