Vulnerability in RSA Implementation by RustCrypto Affects Key Generation Process
CVE-2026-21895

2.7LOW

Key Information:

Vendor

Rustcrypto

Status
Vendor
CVE Published:
8 January 2026

What is CVE-2026-21895?

The rsa crate, a Rust implementation of RSA, exhibits an issue in its key creation process. Prior to version 0.9.10, the library experiences a panic when constructing an RSA private key with one of the prime numbers being '1', instead of gracefully handling the error. This flaw can lead to unintended application behavior and security implications, and it has been addressed in version 0.9.10. Users are encouraged to update to the latest version to mitigate the risk associated with this vulnerability.

Affected Version(s)

RSA < 0.9.10

References

CVSS V4

Score:
2.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.