CLEANSTART-2026-PK73499 Security fixes for CVE-2026-5588, CVE-2026-5598, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4cx2-fc23-5wg6, ghsa-4g8c-wm8x-jfhw, ghsa-735f-pc8j-v9w8, ghsa-c3fc-8qff-9hwx, ghsa-fghv-69vj-qj49, ghsa-p93r-85wp-75v3, ghsa-prj3-ccx8-p6x4, ghsa-wg6q-6289-32hp, ghsa-xq3w-v528-46rv applied in versions: 0.12.0-r16, 0.9.0-r1

Multiple security vulnerabilities affect the kserve-modelmesh package. These issues are resolved in later releases. See references for individual vulnerability details...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

ROOT-APP-MAVEN-CVE-2026-5588 CVE-2026-5588 in io.root.org.bouncycastle:bcpkix-jdk18on - Patched by Root

Root has patched CVE-2026-5588 in the io.root.org.bouncycastle:bcpkix-jdk18on package for Root:Maven. Multiple fixed versions available...

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.12.7 release and security update

Red Hat AMQ Broker 7.12.7 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.13.5 release and security update

Red Hat AMQ Broker 7.13.5 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

OPENSUSE-SU-2026:20627-1 Security update for bouncycastle

This update for bouncycastle fixes the following issues: - Update to version 1.84: - CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly bsc1262225. - CVE-2026-0636: LDAP Injection Vulnerability in LDAPStoreHelper.java bsc1262226. - CVE-2026-3505: Unbounded PGP...

CVE-2026-5588

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

bouncycastle-1.84-1.1 on GA media (moderate)

bouncycastle-1.84-1.1 on GA media Announcement ID: openSUSE-SU-2026:10571-1 Rating: moderate Cross-References: CVE-2025-14813 CVE-2026-0636 CVE-2026-3505 CVE-2026-5588 CVE-2026-5598 CVSS scores: CVE-2025-14813 SUSE : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVE-2025-14813 SUSE : 8.3...

CVE-2026-5588 vulnerabilities

Vulnerabilities for packages: jenkins, kserve-modelmesh, keycloak, apache-pulsar, jruby, wildfly, apache-nifi-registry, apache-nifi, thingsboard, druid...

Linux Distros Unpatched Vulnerability : CVE-2026-5588

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Cast...

org.bouncycastle:bcjmail-debug-jdk18on (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk18on (>=1.81 <=1.83) +1 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk18on (>=1.81 <=1.83)

org.bouncycastle:bcpkix-debug-jdk18on MAVEN version =1.81, =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: OSV:GHSA-WG6Q-6289-32HP...

org.bouncycastle:bcmail-debug-jdk14 (>=1.81 <=1.83) potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk14 (>=1.81 <=1.83)

org.bouncycastle:bcpkix-debug-jdk14 MAVEN version =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: OSV:GHSA-WG6Q-6289-32HP...

aero.m-click:mcpdf (>=0.2.3 <=0.2.10), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +20634 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-jdk15on (>=1.49 <=1.70)

org.bouncycastle:bcpkix-jdk15on MAVEN version =1.49, =0.2.3, =4.4.0.0, =0.1.12, =0.1.2, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.3.0, =0.3.1-rc2 and more Source cves: CVE-2026-5588 Source advisory: OSV:GHSA-WG6Q-6289-32HP...

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +9547 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-jdk18on (>=1.71 <=1.83)

org.bouncycastle:bcpkix-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =3.10.0.5, =0.5.0, =1.2.4, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2026.03.26.140500-911435f and more Source cves: CVE-2026-5588 Source advisory:...

org.bouncycastle:bcjmail-debug-jdk15to18 (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk15to18 (>=1.81 <=1.83) potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk15to18 (>=1.81 <=1.83)

org.bouncycastle:bcpkix-debug-jdk15to18 MAVEN version =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: OSV:GHSA-WG6Q-6289-32HP...

CVE-2026-5588

creationtimestamp| type| source ---|---|--- 2026-04-15 13:11:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjxtqoczn2t 2026-04-28 16:34:47+00:00| seen| https://infosec.exchange/users/AAKL/statuses/116483286321859891...

DEBIAN-CVE-2026-5588

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...

CVE-2026-5588

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...

app.cash.trifle:common (>=0.2.9 <=0.2.10), app.cash.trifle:jvm (>=0.1.0 <=0.2.10) +997 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-jdk15to18 (>=1.63 <=1.83)

org.bouncycastle:bcpkix-jdk15to18 MAVEN version =1.63, =0.2.9, =0.1.0, =0.2.1, =0.2.0, =1.0.0, =1.0.1, =0.2.0, =0.2.0, =3.5.0.0, =2.6.4, =2.6.4, =2.6.4, =2.6.4, =2.6.4, =0.1.1, =0.1.4.2 and more Source cves: CVE-2026-5588 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075259...

cn.hyperchain.javasdk:hyperchainsdk (>=4.2.1 <=4.2.3), com.github.WHUTzju:blockchainsdk (=4.1.3) +79 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-jdk14 (>=1.50 <=1.83)

org.bouncycastle:bcpkix-jdk14 MAVEN version =1.50, =4.2.1, =9.1.20, =2.0, =2.0, =2.0, =0.1.1, =1.0.1.0.20180504134220, =2.2, =2.0.1, =7.0, =1.5, =12.3, =1.2.0, =1.2.6 and more Source cves: CVE-2026-5588 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075258...