diff --git a/java/change-notes/2021-06-11-tainted-key-read-steps.md b/java/change-notes/2021-06-11-tainted-key-read-steps.md
new file mode 100644
index 00000000000..a0e03053c35
--- /dev/null
+++ b/java/change-notes/2021-06-11-tainted-key-read-steps.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Data flow now propagates taint from tainted Maps to read steps of their keys (e.g. `tainted.keySet()`).
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
index 93b8641d11b..966daea783f 100644
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -69,6 +69,7 @@ private module Cached {
 |
 f instanceof ArrayContent or
 f instanceof CollectionContent or
+ f instanceof MapKeyContent or
 f instanceof MapValueContent
 )
 or
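Review bot: The added `f instanceof MapKeyContent or` disjunct in `Cached` widens the default taint read set for every query built on this library, but the visible diff carries no test or expected-output change alongside it. A library test that reads keys from a map tainted as a whole (the change note's `tainted.keySet()` case) would pin the new flow and show any alert-count shift in the security queries at review time rather than downstream. The `exists(...)` this list belongs to opens above the hunk, so whatever conditions it places on the read step cannot be checked from here; it is worth confirming they suit key reads as well as value reads. A short comment next to the list, such as `// keys of a tainted map are treated as tainted, like its values`, would record why keys are included.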