CVE-2026-5588

CVE-2026-5588 is a PKIX validation flaw in the Bouncy Castle libraries (BC-JAVA, BCPKIX-FIPS, BCPIX-LTS) where CompositeVerifier could accept an empty signature sequence. Affects BC-JAVA 1.67–1.83 (fixed in 1.84); BCPKIX-FIPS 2.0.6–2.0.10 (fixed in 2.0.11) and 2.1.7–2.1.10 (fixed in 2.1.11); BCPI...