CVE-2026-21895
Published 2026-01-08
Priority: P4 26 · Severity: medium · CVSS 3.1 base score 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS: 0.40% (32.3rd percentile)
The `rsa` crate is an RSA implementation written in Rust. Prior to version 0.9.10, when creating an RSA private key from its components, the construction panics instead of returning an error when one of the primes is `1`. Version 0.9.10 fixes the issue.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rust-rsa | < rust-rsa 0.9.10-1 (forky) | rust-rsa 0.9.10-1 (forky) |
| msrc | azl3_kata-containers-cc_3.15.0.aks0-5_on_azure_linux_3.0 | — | — |
| msrc | azl3_kata-containers-cc_3.15.0.aks0-6_on_azure_linux_3.0 | — | — |
| pgp | pgp | >= 0.16.0-alpha.0 < 0.19.0 | 0.19.0 |
| rustcrypto | rsa | < 0.9.10 | 0.9.10 |
| rustcrypto | rsa | >= 0 < 0.9.10 | 0.9.10 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| nvd | 4.0 | 2.7 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| ghsa | — | 2.7 | LOW | — |
| osv | — | 2.7 | LOW | — |
| vendor_debian | — | 2.7 | LOW | — |
| vendor_msrc | — | 2.7 | LOW | — |
| vendor_redhat | — | 2.7 | LOW | — |
OSV · 2026-02-13 · CVSS 2.7 [LOW]
rPGP vulnerable to parser crash on crafted RSA secret key packets through CVE-2026-21895
### Summary
It was possible to trigger an unhandled edge case in the Rust Crypto rsa crate through rPGP packet parsing functionality, and crash the process that runs rPGP. This problem has been patched in a new rsa version. The new release of rPGP ensures a patched version of the rsa crate is in use, which prevents this issue.
### Details
While parsing a special RSA secret key packet, rPGP calls the rsa crate with the provided key. On vulnerable versions, this results in a Rust "panic" during key construction. Note that an attacker can trigger this situation even in places where applications don't expect to handle foreign key material, for example while attempting to receive a message.
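The defensive pattern the fix amounts to, as an added illustration that is not code from the rsa crate or rPGP: validate the RSA private-key components before construction and return an error for a degenerate prime rather than letting later arithmetic panic. Names are hypothetical and toy-sized u128 values stand in for the crate's bignums so it runs without dependencies; a consumer would apply the same check to the real key components before calling the constructor.

```rust
// Added example: validate RSA private-key components before construction.
// Hypothetical names; toy u128 arithmetic stands in for the crate's bignums.

#[derive(Debug, PartialEq, Eq)]
pub enum KeyError {
    TooFewPrimes,
    DegeneratePrime,   // a "prime" of 0 or 1: the input this advisory describes
    ModulusMismatch,   // product of primes != n (or the product overflows)
    BadExponent,       // e*d != 1 mod lcm(p_i - 1)
}

fn gcd(a: u128, b: u128) -> u128 {
    if b == 0 { a } else { gcd(b, a % b) }
}

fn lcm(a: u128, b: u128) -> u128 {
    a / gcd(a, b) * b
}

/// Reject malformed components with an Err instead of panicking.
/// Every step uses checked or guarded arithmetic so no input can panic.
pub fn validate_components(n: u128, e: u128, d: u128, primes: &[u128]) -> Result<(), KeyError> {
    if primes.len() < 2 {
        return Err(KeyError::TooFewPrimes);
    }
    // A factor of 1 makes p - 1 == 0, which would poison the lcm / inverse
    // step below; reject it before any arithmetic touches it.
    if primes.iter().any(|&p| p < 2) {
        return Err(KeyError::DegeneratePrime);
    }
    let product = primes
        .iter()
        .try_fold(1u128, |acc, &p| acc.checked_mul(p))
        .ok_or(KeyError::ModulusMismatch)?;
    if product != n {
        return Err(KeyError::ModulusMismatch);
    }
    // Carmichael function lambda(n) = lcm(p_i - 1); d must invert e mod lambda.
    let lambda = primes.iter().fold(1u128, |acc, &p| lcm(acc, p - 1));
    match e.checked_mul(d) {
        Some(ed) if e > 1 && ed % lambda == 1 => Ok(()),
        _ => Err(KeyError::BadExponent),
    }
}

fn main() {
    // Constructed toy key: p = 61, q = 53, n = 3233, e = 17, d = 413 (lambda = 780).
    println!("{:?}", validate_components(3233, 17, 413, &[61, 53]));  // Ok(())
    println!("{:?}", validate_components(3233, 17, 413, &[1, 3233])); // Err(DegeneratePrime)
}
```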
GHSA · 2026-02-13 · CVSS 2.7 [LOW] · CWE-703
rPGP vulnerable to parser crash on crafted RSA secret key packets through CVE-2026-21895
OSV · 2026-01-08 · CVSS 2.7 [LOW]
CVE-2026-21895: The `rsa` crate is an RSA implementation written in Rust
GHSA · 2026-01-06 [LOW] · CWE-703
rsa crate has potential panic on a prime being equal to 1
When creating an RSA private key from its components, the construction panics, instead of returning an error, when one of the primes is `1`.
Discovered by Christian Reitter from [Radically Open Security](https://www.radicallyopensecurity.com/) during a security review for [Proton AG](https://proton.me/).
OSV · 2026-01-06 [LOW]
rsa crate has potential panic on a prime being equal to 1
Microsoft · vendor_msrc · 2026-01-13 · CVSS 2.7 [LOW] · CWE-703
rsa crate has potential panic on a prime being equal to 1
Products: Mariner, GitHub_M
Customer Action Required: Yes
Red Hat · vendor_redhat · 2026-01-08 · CVSS 2.7 [LOW] · CWE-703
RSA: RSA crate: Denial of Service due to malformed prime in private key generation
A flaw was found in the RSA crate, an RSA implementation in Rust. When an application attempts to create an RSA private key from its components, a remote attacker could provide a malformed prime value of '1'. This invalid input causes the application to panic, leading to a Denial of Service (DoS).
Statement: This vulnerability is rated Low for Red Hat products. The `rsa` crate, an RSA implementation in Rust, can panic when creating an RSA private key if one
Debian · vendor_debian · 2026 · CVSS 2.7 [LOW]
CVE-2026-21895: rust-rsa - The `rsa` crate is an RSA implementation written in rust. Prior to version 0.9.1...
Scope: local
forky: resolved (fixed in 0.9.10-1)
sid: resolved (fixed in 0.9.10-1)
trixie: open
No detection rules found.
No public exploits indexed.
Bugzilla · 2026-01-08 · CVSS 2.7 [LOW]
CVE-2026-21895 bpfman: RSA crate: Denial of Service due to malformed prime in private key generation [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
Created a patch to bump rsa version to 0.9.9 which fixed this bug: https://koji.fedoraproject.org/koji/taskinfo?taskID=142769734
---
This message is a reminder that Fedora
Bugzilla · 2026-01-08 · CVSS 2.7 [LOW]
CVE-2026-21895 trustee-guest-components: RSA crate: Denial of Service due to malformed prime in private key generation [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla · 2026-01-08 · CVSS 2.7 [LOW]
CVE-2026-21895 kata-containers: RSA crate: Denial of Service due to malformed prime in private key generation [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla · 2026-01-08 · CVSS 2.7 [LOW]
CVE-2026-21895 vaultwarden: RSA crate: Denial of Service due to malformed prime in private key generation [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Wiz · blogs_wiz · CVSS 2.7 [LOW]
CVE-2026-21895 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21895: Rust vulnerability analysis and mitigation
Package: rsa (1 source: NVD)
Score: 2.7 (CNA score 2.7) · Severity: LOW · Published January 8, 2026
Affected Technologies: Rust, NixOS
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 5.3
Exploitation Probability (EPSS): N/A
Affected packages and libraries: qdrant, sccache
Sources:

| Source | Severity | Fix status | Added at |
|---|---|---|---|
| NVD | — | — | — |
| Chainguard | — | Has Fix | Jan 11, 2026 |
| Debian 13 | MEDIUM | No Fix | Jan 11, 2026 |
| Debian 14 | MEDIUM | Has Fix | Jan 11, 2026 |
| Echo | MEDIUM | No Fix | Jan 11, 2026 |
| Rust | LOW | Has Fix | Jan 07, 2026 |
| MinimOS | MEDIUM | Has Fix | Jan 14, 2026 |
| Nix | MEDIUM | Has Fix | Mar |