Vulnerability in RSA Implementation by RustCrypto Affects Key Generation Process
CVE-2026-21895
2.7LOW
What is CVE-2026-21895?
The rsa crate, a Rust implementation of RSA, exhibits an issue in its key creation process. Prior to version 0.9.10, the library experiences a panic when constructing an RSA private key with one of the prime numbers being '1', instead of gracefully handling the error. This flaw can lead to unintended application behavior and security implications, and it has been addressed in version 0.9.10. Users are encouraged to update to the latest version to mitigate the risk associated with this vulnerability.
Affected Version(s)
RSA < 0.9.10
