CVE-2026-5588 — Use of a Broken or Risky Cryptographic Algorithm in OF THE Bouncy Castle INC Bc-java

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm4 documents4 sources

Severity

6.3MEDIUMNVD

EPSS

0.0%

top 98.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Legion OF THE Bouncy Castle INC Bc-java

Timeline

PublishedApr 15

Description

: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules). PKIX draft CompositeVerifier accepts empty signature sequence as valid. This issue affects BC-JAVA: from 1.49 before 1.84.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

▶CVEListV5legion_of_the_bouncy_castle_inc/bc-java1.67 — 1.84

🔴Vulnerability Details

VulDB

Legion of the Bouncy Castle BC-JAVA up to 1.83 risky encryption↗2026-04-15

▶

GHSA

GHSA-wg6q-6289-32hp: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc↗2026-04-15

▶

GHSA

Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules↗2026-04-15

▶