23 matches found
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Bouncy Castle bcpkix (CVE-2026-5588)
Summary A vulnerability in Bouncy Castle bcpkix that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules...
Security Bulletin: IBM® Db2® is affected by vulnerabilities in bcprov-jdk18on-1.82 and bcpkix-jdk18on-1.82.
Summary IBM® Db2® is affected by vulnerabilities in bcprov-jdk18on-1.82 and bcpkix-jdk18on-1.82 Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This...
Security Bulletin: Multiple Security Vulnerabilities in third-Party libraries used by IBM Tivoli Netcool Configuration Manager
Summary Multiple vulnerabilities in the third-party Bouncy Castle libraries used by IBM Tivoli Netcool Configuration Manager have been addressed. Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle In...
Security Bulletin: MongoDB Enterprised Advanced affected by: Use of a Broken or Risky Cryptographic Algorithm (CVE-2026-5588)
Summary There are vulnerabilities in bcpkix-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-5588. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion...
Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2026-1775)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1775 advisory. Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules. PKIX draft CompositeVerifier accepts empty signature sequence as...
Medium: bouncycastle
Issue Overview: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules. PKIX draft CompositeVerifier accepts empty signature sequence as valid. This issue affects BC-JAVA: from 1.49 before 1.84. CVE-2026-5588 Affected...
CLEANSTART-2026-PK73499 Security fixes for CVE-2026-5588, CVE-2026-5598, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4cx2-fc23-5wg6, ghsa-4g8c-wm8x-jfhw, ghsa-735f-pc8j-v9w8, ghsa-c3fc-8qff-9hwx, ghsa-fghv-69vj-qj49, ghsa-p93r-85wp-75v3, ghsa-prj3-ccx8-p6x4, ghsa-wg6q-6289-32hp, ghsa-xq3w-v528-46rv applied in versions: 0.12.0-r16, 0.9.0-r1
Multiple security vulnerabilities affect the kserve-modelmesh package. These issues are resolved in later releases. See references for individual vulnerability details...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.13.5 release and security update
Red Hat AMQ Broker 7.13.5 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
OPENSUSE-SU-2026:20627-1 Security update for bouncycastle
This update for bouncycastle fixes the following issues: - Update to version 1.84: - CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly bsc1262225. - CVE-2026-0636: LDAP Injection Vulnerability in LDAPStoreHelper.java bsc1262226. - CVE-2026-3505: Unbounded PGP...
CVE-2026-5588
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...
bouncycastle-1.84-1.1 on GA media (moderate)
bouncycastle-1.84-1.1 on GA media Announcement ID: openSUSE-SU-2026:10571-1 Rating: moderate Cross-References: CVE-2025-14813 CVE-2026-0636 CVE-2026-3505 CVE-2026-5588 CVE-2026-5598 CVSS scores: CVE-2025-14813 SUSE : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVE-2025-14813 SUSE : 8.3...
ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +9600 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-jdk18on (>=1.71 <=1.83)
org.bouncycastle:bcpkix-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =3.10.0.5, =0.5.0, =1.2.4, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2026.06.09.151811-4851e30 and more Source cves: CVE-2026-5588 Source advisory:...
org.bouncycastle:bcjmail-debug-jdk15to18 (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk15to18 (>=1.81 <=1.83) potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk15to18 (>=1.81 <=1.83)
org.bouncycastle:bcpkix-debug-jdk15to18 MAVEN version =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: OSV:GHSA-WG6Q-6289-32HP...
org.bouncycastle:bcjmail-debug-jdk18on (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk18on (>=1.81 <=1.83) +1 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk18on (>=1.81 <=1.83)
org.bouncycastle:bcpkix-debug-jdk18on MAVEN version =1.81, =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: OSV:GHSA-WG6Q-6289-32HP...
aero.m-click:mcpdf (>=0.2.3 <=0.2.10), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +20663 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-jdk15on (>=1.49 <=1.70)
org.bouncycastle:bcpkix-jdk15on MAVEN version =1.49, =0.2.3, =4.4.0.0, =0.1.12, =0.1.2, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.3.0, =0.3.1-rc2 and more Source cves: CVE-2026-5588 Source advisory: OSV:GHSA-WG6Q-6289-32HP...
DEBIAN-CVE-2026-5588
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...
CVE-2026-5588
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...
cn.hyperchain.javasdk:hyperchainsdk (>=4.2.1 <=4.2.3), com.github.WHUTzju:blockchainsdk (=4.1.3) +79 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-jdk14 (>=1.50 <=1.83)
org.bouncycastle:bcpkix-jdk14 MAVEN version =1.50, =4.2.1, =9.1.20, =2.0, =2.0, =2.0, =0.1.1, =1.0.1.0.20180504134220, =2.2, =2.0.1, =7.0, =1.5, =12.3, =1.2.0, =1.2.6 and more Source cves: CVE-2026-5588 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075258...
org.bouncycastle:bcmail-debug-jdk14 (>=1.81 <=1.83) potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk14 (>=1.81 <=1.83)
org.bouncycastle:bcpkix-debug-jdk14 MAVEN version =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075255...