High severityGHSA Advisory· Published Apr 15, 2026· Updated May 19, 2026
CVE-2026-3505
CVE-2026-3505
Description
Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules).
This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java, OperatorHelper.Java.
This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.bouncycastle:bcpg-jdk12Maven | <= 130 | — |
org.bouncycastle:bcpg-jdk14Maven | < 1.84 | 1.84 |
org.bouncycastle:bcpg-jdk15Maven | <= 1.46 | — |
org.bouncycastle:bcpg-jdk15to18Maven | < 1.84 | 1.84 |
org.bouncycastle:bcpg-jdk15onMaven | <= 1.70 | — |
org.bouncycastle:bcpg-jdk16Maven | <= 1.46 | — |
org.bouncycastle:bcpg-jdk18onMaven | < 1.84 | 1.84 |
Affected products
30- Range: < 1.84
- osv-coords29 versionspkg:apk/chainguard/apache-nifipkg:apk/chainguard/apache-nifi-registrypkg:apk/chainguard/apache-nifi-registry-toolkitpkg:apk/chainguard/gradle-8pkg:apk/chainguard/gradle-9pkg:apk/chainguard/jenkins-2.555pkg:apk/chainguard/jenkins-2.555-openjdk-21pkg:apk/chainguard/jenkins-2.555-openjdk-25pkg:apk/chainguard/jenkins-2-openjdk-21pkg:apk/chainguard/jenkins-2-openjdk-25pkg:apk/chainguard/wildfly-openjdk-17pkg:apk/chainguard/wildfly-openjdk-21pkg:apk/wolfi/apache-nifipkg:apk/wolfi/apache-nifi-registrypkg:apk/wolfi/apache-nifi-registry-toolkitpkg:apk/wolfi/gradle-8pkg:apk/wolfi/gradle-9pkg:apk/wolfi/jenkins-2-openjdk-21pkg:apk/wolfi/jenkins-2-openjdk-25pkg:apk/wolfi/wildfly-openjdk-17pkg:apk/wolfi/wildfly-openjdk-21pkg:maven/org.bouncycastle/bcpg-jdk12pkg:maven/org.bouncycastle/bcpg-jdk14pkg:maven/org.bouncycastle/bcpg-jdk15pkg:maven/org.bouncycastle/bcpg-jdk15onpkg:maven/org.bouncycastle/bcpg-jdk15to18pkg:maven/org.bouncycastle/bcpg-jdk16pkg:maven/org.bouncycastle/bcpg-jdk18onpkg:rpm/opensuse/bouncycastle&distro=openSUSE%20Tumbleweed
< 2.9.0-r1+ 28 more
- (no CPE)range: < 2.9.0-r1
- (no CPE)range: < 2.9.0-r2
- (no CPE)range: < 2.9.0-r2
- (no CPE)range: < 8.14.4-r4
- (no CPE)range: < 9.4.1-r2
- (no CPE)range: < 2.555.2-r3
- (no CPE)range: < 2.555.2-r3
- (no CPE)range: < 2.555.2-r3
- (no CPE)range: < 2.560-r0
- (no CPE)range: < 2.560-r0
- (no CPE)range: < 39.0.1-r5
- (no CPE)range: < 39.0.1-r5
- (no CPE)range: < 2.9.0-r1
- (no CPE)range: < 2.9.0-r2
- (no CPE)range: < 2.9.0-r2
- (no CPE)range: < 8.14.4-r4
- (no CPE)range: < 9.4.1-r2
- (no CPE)range: < 2.560-r0
- (no CPE)range: < 2.560-r0
- (no CPE)range: < 39.0.1-r5
- (no CPE)range: < 39.0.1-r5
- (no CPE)range: <= 130
- (no CPE)range: < 1.84
- (no CPE)range: <= 1.46
- (no CPE)range: <= 1.70
- (no CPE)range: < 1.84
- (no CPE)range: <= 1.46
- (no CPE)range: < 1.84
- (no CPE)range: < 1.84-1.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.