
CVE-2026-5588

Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules

Description

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules).

The PKIX draft CompositeVerifier accepts an empty signature sequence as valid.

This issue affects BC-JAVA: from 1.49 before 1.84.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Score: 6.3
Severity: Medium
Ecosystem: Java
Publish Date: April 15, 2026
Modified Date: April 17, 2026
Score Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Green
Affected Versions