CVE-2021-42694: An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows
Summary
CVE-2021-42694 is a vulnerability in the Unicode Specification (up to version 14.0) that allows attackers to create source code identifiers, such as function names, from homoglyphs: characters that look identical but are technically different. An attacker could define such visually identical but distinct identifiers in upstream dependencies (external code libraries). Developers reviewing the code might not catch the deception, so the malicious code would be used downstream, in other software that depends on it.
Solution / Mitigation
The Unicode Consortium provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and has documented this security vulnerability in Unicode Technical Report #36, Unicode Security Considerations.
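As an added illustration (not code from the Unicode Consortium or from NVD), the following Python sketch audits the identifiers in a source file using a simplified form of two checks covered by UTS #39: mixed-script detection and comparison of look-alike "skeletons". The `CONFUSABLES` table, the `SAMPLE` source and the name-based script approximation are assumptions made for this example; a production check would use the full UTS #39 data files.

```python
import io
import tokenize
import unicodedata
from collections import defaultdict

# Constructed, deliberately tiny look-alike table (assumption); a real check
# would load the full confusables data published with UTS #39.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0455": "s", "\u0456": "i"}

# Constructed sample: the second function name starts with U+0441
# (CYRILLIC SMALL LETTER ES) instead of Latin "c".
SAMPLE = (
    "def check_access(user):\n"
    "    return user.is_admin\n"
    "def \u0441heck_access(user):\n"
    "    return True\n"
)

def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits and "_" are script-neutral
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def skeleton(ident):
    """NFKC-normalize, then map each character to its look-alike prototype."""
    return "".join(CONFUSABLES.get(c, c) for c in unicodedata.normalize("NFKC", ident))

def audit_identifiers(source):
    """Return (mixed_script, collisions) for the identifiers in Python source."""
    names = set()
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.NAME:
            names.add(tok.string)
    mixed, by_skeleton = {}, defaultdict(set)
    for ident in names:
        scripts = {script_of(c) for c in ident} - {"COMMON"}
        if len(scripts) > 1:  # e.g. Latin and Cyrillic letters in one name
            mixed[ident] = sorted(scripts)
        by_skeleton[skeleton(ident)].add(ident)
    # Distinct identifiers that share a skeleton render alike to a reviewer.
    collisions = {s: sorted(v) for s, v in by_skeleton.items() if len(v) > 1}
    return mixed, collisions

if __name__ == "__main__":
    mixed, collisions = audit_identifiers(SAMPLE)
    print("mixed-script identifiers:", mixed)
    print("skeleton collisions:", collisions)
```

Run against dependency sources in CI, a non-empty result from either check marks an identifier for manual review before the code is accepted.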
Vulnerability Details
8.3 (high)
EPSS: 5.2%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-42694
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 72%