CVE-2026-21439

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...

badkeys 安全漏洞

badkeys is an open source library of tools from badkeys to check cryptographic public keys for vulnerabilities. A security vulnerability exists in badkeys version 0.0.15 and earlier, which stems from the fact that an attacker can inject content containing ASCII control characters, potentially...

CVE-2026-21439 badkeys vulnerable to ASCII control character injection on console via malformed input

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...

CVE-2026-21439

CVE-2026-21439 affects the badkeys tool/library, where versions ≤0.0.15 allow ASCII control characters (e.g., vertical tabs, ANSI escape sequences) to inject misleading output in DKIM scanning (--dkim/--dkim-dns), SSH lines (--ssh-lines), and related filenames. The issue is fixed in version 0.0.1...

Improper Neutralization

Overview badkeys is a Check cryptographic keys for known weaknesses Affected versions of this package are vulnerable to Improper Neutralization of ASCII control characters in the badkeys command-line tool. An attacker can manipulate console output to display misleading or deceptive information by...

PT-2026-1358

Name of the Vulnerable Software and Affected Versions badkeys versions 0.0.15 and below Description badkeys is a tool and library used for checking cryptographic public keys for known issues. In versions 0.0.15 and below, an attacker can inject content containing ASCII control characters, such as...

CVE-2002-0986

CVE-2002-0986 corresponds to a PHP 4.x vulnerability where mail() did not filter ASCII control characters from arguments, allowing remote attackers to modify mail content including headers and potentially use the server as a spam proxy. The OpenVAS entries confirm the issue arises on PHP

(RHSA-2002:214) php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. The mail function in PHP 4.x to 4.2.2 may allow local script authors to bypass safe mode restrictions and modify command line arguments to the MTA such as sendmail in the 5th argument to mail, altering MTA...

security flaw

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...

CVE-2002-0986

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...

PHP fails to filter ASCII control characters from string arguments of mail() function

Overview PHP does not properly filter parameters to its mail function. Description PHP is a scripting language widely used in web application development. PHP includes a function called mail that takes message parameters such as recipient address and sends mail using sendmail. PHP does not filter...