The CVE has been addressed by this PR [1] but no new release has been made yet. Based on the PR message, the public key support was a feature that was never used, thus, the code might be affected, but no one used this feature, and it has been entirely removed by this PR. It should be safe to wait for a proper release in the next few days. [1]: https://github.com/tailscale/tailscale/pull/14373