CVE-2026-8149— GCM chunking can lead to bad tag exception on decryption
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-8149
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GCM chunking can lead to bad tag exception on decryption
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-FJA: from 2.1.0 through 2.1.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
软件实现和设计文档不一致
Source: NVD (National Vulnerability Database)
Vulnerability Title
Legion of the Bouncy Castle BC-FJA 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Legion of the Bouncy Castle BC-FJA是澳大利亚Legion of the Bouncy Castle公司的一套提供高强度加密算法与安全认证能力的加密库组件。 Legion of the Bouncy Castle BC-FJA存在安全漏洞,该漏洞源于加密计算异常,可能影响数据的机密性或完整性。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Legion of the Bouncy Castle Inc. | BC-FJA | 2.1.0 ~ 2.1.2 | - |
II. Public POCs for CVE-2026-8149
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-8149
请登录查看更多情报信息。
- https://do-not-publish.bouncycastle.org/do_not_publishvendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-8149
IV. Related Vulnerabilities
Same vendor: Legion of the Bouncy Castle Inc.
- CVE-2026-3505
Unbounded PGP AEAD chunk size leads to pre-auth resource exh - CVE-2026-5588
PKIX draft CompositeVerifier accepts empty signature sequenc - CVE-2026-5598
Non-constant time comparisons risk private key leakage in Fr - CVE-2026-0636
LDAP Injection Vulnerability in LDAPStoreHelper.java - CVE-2025-14813
GOSTCTR implementation unable to process more than 255 block
Same weakness: CWE-1068
V. Comments for CVE-2026-8149
No comments yet