LDAP Injection in Legion Of The Bouncy Castle Inc. Bc-java

CVE-2026-0636

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHel…

EPSS: 0.000 (6.3th percentile) — read the EPSS interpretation.

Affected products

Legion Of The Bouncy Castle Inc. Bc-java — versions 1.74, 1.81, 1.82

Weakness classification (CWE)

CWE-90 — LDAP Injection

References

91579145-5d7b-4cc5-b925-a0262ff19630 (vendor-advisory)
91579145-5d7b-4cc5-b925-a0262ff19630 (patch)