Medium severityGHSA Advisory· Published Apr 15, 2026· Updated May 19, 2026
CVE-2026-0636
CVE-2026-0636
Description
Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules).
This vulnerability is associated with program files LDAPStoreHelper.
This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.bouncycastle:bcprov-jdk14Maven | >= 1.74, < 1.84 | 1.84 |
org.bouncycastle:bcprov-jdk15to18Maven | >= 1.74, < 1.84 | 1.84 |
org.bouncycastle:bcprov-jdk18onMaven | >= 1.74, < 1.84 | 1.84 |
Affected products
93- Range: >= 1.74, < 1.84
- osv-coords92 versionspkg:apk/chainguard/apache-hoppkg:apk/chainguard/apache-nifipkg:apk/chainguard/apache-nifi-registrypkg:apk/chainguard/apache-nifi-registry-toolkitpkg:apk/chainguard/apache-pulsar-4.0pkg:apk/chainguard/apache-pulsar-4.2pkg:apk/chainguard/camunda-8.8pkg:apk/chainguard/camunda-8.9pkg:apk/chainguard/camunda-zeebe-8.7pkg:apk/chainguard/camunda-zeebe-8.8pkg:apk/chainguard/camunda-zeebe-8.9pkg:apk/chainguard/commercial-elasticsearch-8.19pkg:apk/chainguard/commercial-elasticsearch-9.3pkg:apk/chainguard/druidpkg:apk/chainguard/elasticsearch-7pkg:apk/chainguard/elasticsearch-7-iamguardedpkg:apk/chainguard/elasticsearch-8.17pkg:apk/chainguard/elasticsearch-8.19pkg:apk/chainguard/elasticsearch-8.19-iamguardedpkg:apk/chainguard/elasticsearch-9.0pkg:apk/chainguard/elasticsearch-9.0-iamguardedpkg:apk/chainguard/elasticsearch-9.1pkg:apk/chainguard/elasticsearch-9.1-iamguardedpkg:apk/chainguard/elasticsearch-9.2pkg:apk/chainguard/elasticsearch-9.2-iamguardedpkg:apk/chainguard/elasticsearch-9.3pkg:apk/chainguard/elasticsearch-9.3-iamguardedpkg:apk/chainguard/geoserver-2.27pkg:apk/chainguard/geoserver-2.28pkg:apk/chainguard/ghidrapkg:apk/chainguard/gradle-8pkg:apk/chainguard/gradle-9pkg:apk/chainguard/guacamole-client-extensionspkg:apk/chainguard/hono-adapter-mqttpkg:apk/chainguard/jenkins-2.555pkg:apk/chainguard/jenkins-2.555-openjdk-21pkg:apk/chainguard/jenkins-2.555-openjdk-25pkg:apk/chainguard/jenkins-2-openjdk-21pkg:apk/chainguard/jenkins-2-openjdk-25pkg:apk/chainguard/jruby-10.1pkg:apk/chainguard/jruby-9.4pkg:apk/chainguard/kayenta-2025.4pkg:apk/chainguard/kayenta-2026.0pkg:apk/chainguard/kayenta-fips-2025.4pkg:apk/chainguard/kayenta-fips-2026.0pkg:apk/chainguard/keycloak-26.6pkg:apk/chainguard/keycloak-26.6-iamguarded-compatpkg:apk/chainguard/kserve-modelmeshpkg:apk/chainguard/nacos-dockerpkg:apk/chainguard/opensearch-2-securitypkg:apk/chainguard/ruby3.2-bouncy-castle-javapkg:apk/chainguard/ruby3.3-bouncy-castle-javapkg:apk/chainguard/ruby3.4-bouncy-castle-javapkg:apk/chainguard/ruby4.0-bouncy-castle-javapkg:apk/chainguard/spark-4.0-scala-2.13pkg:apk/chainguard/thingsboard-tb-mqtt-transportpkg:apk/chainguard/thingsboard-tb-nodepkg:apk/chainguard/wildfly-openjdk-17pkg:apk/chainguard/wildfly-openjdk-21pkg:apk/chainguard/wso2ispkg:apk/chainguard/zipkinpkg:apk/chainguard/zipkin-slimpkg:apk/wolfi/apache-nifipkg:apk/wolfi/apache-nifi-registrypkg:apk/wolfi/apache-nifi-registry-toolkitpkg:apk/wolfi/apache-pulsar-4.2pkg:apk/wolfi/druidpkg:apk/wolfi/gradle-8pkg:apk/wolfi/gradle-9pkg:apk/wolfi/jenkins-2-openjdk-21pkg:apk/wolfi/jenkins-2-openjdk-25pkg:apk/wolfi/jruby-10.1pkg:apk/wolfi/jruby-9.4pkg:apk/wolfi/keycloak-26.6pkg:apk/wolfi/keycloak-26.6-iamguarded-compatpkg:apk/wolfi/kserve-modelmeshpkg:apk/wolfi/opensearch-2-securitypkg:apk/wolfi/ruby3.2-bouncy-castle-javapkg:apk/wolfi/ruby3.3-bouncy-castle-javapkg:apk/wolfi/ruby3.4-bouncy-castle-javapkg:apk/wolfi/ruby4.0-bouncy-castle-javapkg:apk/wolfi/spark-4.0-scala-2.13pkg:apk/wolfi/thingsboard-tb-mqtt-transportpkg:apk/wolfi/thingsboard-tb-nodepkg:apk/wolfi/wildfly-openjdk-17pkg:apk/wolfi/wildfly-openjdk-21pkg:apk/wolfi/zipkinpkg:apk/wolfi/zipkin-slimpkg:maven/org.bouncycastle/bcprov-jdk14pkg:maven/org.bouncycastle/bcprov-jdk15to18pkg:maven/org.bouncycastle/bcprov-jdk18onpkg:rpm/opensuse/bouncycastle&distro=openSUSE%20Tumbleweed
< 2.17.0-r9+ 91 more
- (no CPE)range: < 2.17.0-r9
- (no CPE)range: < 2.9.0-r3
- (no CPE)range: < 2.9.0-r3
- (no CPE)range: < 2.9.0-r3
- (no CPE)range: < 4.0.10-r0
- (no CPE)range: < 4.2.1-r0
- (no CPE)range: < 8.8.22-r2
- (no CPE)range: < 8.9.1-r0
- (no CPE)range: < 8.7.28-r0
- (no CPE)range: < 8.8.23-r0
- (no CPE)range: < 8.9.1-r0
- (no CPE)range: < 8.19.15-r0
- (no CPE)range: < 9.3.5-r0
- (no CPE)range: < 36.0.0-r15
- (no CPE)range: < 7.17.29-r12
- (no CPE)range: < 7.17.29-r12
- (no CPE)range: < 8.17.10-r21
- (no CPE)range: < 8.19.14-r2
- (no CPE)range: < 8.19.14-r2
- (no CPE)range: < 9.0.8-r10
- (no CPE)range: < 9.0.8-r10
- (no CPE)range: < 9.1.10-r4
- (no CPE)range: < 9.1.10-r4
- (no CPE)range: < 9.2.8-r2
- (no CPE)range: < 9.2.8-r2
- (no CPE)range: < 9.3.3-r2
- (no CPE)range: < 9.3.3-r2
- (no CPE)range: < 2.27.5-r5
- (no CPE)range: < 2.28.3-r3
- (no CPE)range: < 12.0.4-r2
- (no CPE)range: < 8.14.4-r4
- (no CPE)range: < 9.4.1-r2
- (no CPE)range: < 1.6.0-r5
- (no CPE)range: < 2.7.0-r10
- (no CPE)range: < 2.555.2-r3
- (no CPE)range: < 2.555.2-r3
- (no CPE)range: < 2.555.2-r3
- (no CPE)range: < 2.560-r0
- (no CPE)range: < 2.560-r0
- (no CPE)range: < 10.1.0.0-r1
- (no CPE)range: < 9.4.14.0-r5
- (no CPE)range: < 2025.4.3-r7
- (no CPE)range: < 2026.0.2-r7
- (no CPE)range: < 2025.4.3-r8
- (no CPE)range: < 2026.0.2-r8
- (no CPE)range: < 26.6.1-r4
- (no CPE)range: < 26.6.1-r4
- (no CPE)range: < 0.12.0-r31
- (no CPE)range: < 3.2.1-r0
- (no CPE)range: < 2.19.4-r14
- (no CPE)range: < 1.5.0146.1-r8
- (no CPE)range: < 1.5.0146.1-r6
- (no CPE)range: < 1.5.0146.1-r7
- (no CPE)range: < 1.5.0146.1-r3
- (no CPE)range: < 4.0.2-r11
- (no CPE)range: < 4.3.1.2-r0
- (no CPE)range: < 4.3.1.2-r0
- (no CPE)range: < 39.0.1-r5
- (no CPE)range: < 39.0.1-r5
- (no CPE)range: < 7.3.0-r0
- (no CPE)range: < 3.6.1-r12
- (no CPE)range: < 3.6.1-r12
- (no CPE)range: < 2.9.0-r3
- (no CPE)range: < 2.9.0-r3
- (no CPE)range: < 2.9.0-r3
- (no CPE)range: < 4.2.1-r0
- (no CPE)range: < 36.0.0-r15
- (no CPE)range: < 8.14.4-r4
- (no CPE)range: < 9.4.1-r2
- (no CPE)range: < 2.560-r0
- (no CPE)range: < 2.560-r0
- (no CPE)range: < 10.1.0.0-r1
- (no CPE)range: < 9.4.14.0-r5
- (no CPE)range: < 26.6.1-r4
- (no CPE)range: < 26.6.1-r4
- (no CPE)range: < 0.12.0-r31
- (no CPE)range: < 2.19.4-r14
- (no CPE)range: < 1.5.0146.1-r8
- (no CPE)range: < 1.5.0146.1-r6
- (no CPE)range: < 1.5.0146.1-r7
- (no CPE)range: < 1.5.0146.1-r3
- (no CPE)range: < 4.0.2-r11
- (no CPE)range: < 4.3.1.2-r0
- (no CPE)range: < 4.3.1.2-r0
- (no CPE)range: < 39.0.1-r5
- (no CPE)range: < 39.0.1-r5
- (no CPE)range: < 3.6.1-r12
- (no CPE)range: < 3.6.1-r12
- (no CPE)range: >= 1.74, < 1.84
- (no CPE)range: >= 1.74, < 1.84
- (no CPE)range: >= 1.74, < 1.84
- (no CPE)range: < 1.84-1.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.