cvedb.io
CVE-2021-34422
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2021-11-11T23:15:10.143 · Last modified 2026-06-17T03:55:49.577

Summary

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution.

Affected products

keybase — keybase

Does this affect you?

Add your gear to cvedb and we'll alert you only when keybase ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.