Vulnerability in Legion Of The Bouncy Castle Inc. Bc-java

CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, fro…

EPSS: 0.000 (6.5th percentile) — read the EPSS interpretation.

Affected products

Legion Of The Bouncy Castle Inc. Bc-java — versions 1.81, 1.82, 1.71

Weakness classification (CWE)

CWE-385

References

91579145-5d7b-4cc5-b925-a0262ff19630 (vendor-advisory)
91579145-5d7b-4cc5-b925-a0262ff19630 (patch)
91579145-5d7b-4cc5-b925-a0262ff19630 (patch)