Browse all 12 CVE security advisories affecting Legion of the Bouncy Castle Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Legion of the Bouncy Castle Inc. develops the Bouncy Castle cryptographic library, widely used for Java and C# cryptographic operations. Historically, vulnerabilities in their software have commonly included remote code execution, cross-site scripting, and privilege escalation flaws. The library's extensive integration into enterprise systems has made it a target for attackers. While no major public security incidents have been documented, the 11 CVEs on record highlight ongoing security challenges in maintaining cryptographic implementations. Regular updates and careful implementation remain critical for organizations using their libraries to prevent potential exploitation of these vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3505 | Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion. — BC-JAVA, CWE-770 | 7.5 | - | 2026-04-15 |
| CVE-2026-5588 | PKIX draft CompositeVerifier accepts empty signature sequence as valid. — BC-JAVA, CWE-327 | 9.1 | - | 2026-04-15 |
| CVE-2026-5598 | Non-constant time comparisons risk private key leakage in FrodoKEM. — BC-JAVA, CWE-385 | 5.9 | - | 2026-04-15 |
| CVE-2026-0636 | LDAP Injection Vulnerability in LDAPStoreHelper.java — BC-JAVA, CWE-90 | 9.8 | - | 2026-04-15 |
| CVE-2025-14813 | GOSTCTR implementation unable to process more than 255 blocks correctly — BC-JAVA, CWE-327 | 7.5 | - | 2026-04-15 |
This page lists every published CVE security advisory associated with Legion of the Bouncy Castle Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.