VYPR
High severityGHSA Advisory· Published Apr 15, 2026· Updated May 19, 2026

CVE-2026-3505

CVE-2026-3505

Description

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules).

This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java, OperatorHelper.Java.

This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.bouncycastle:bcpg-jdk12Maven
<= 130
org.bouncycastle:bcpg-jdk14Maven
< 1.841.84
org.bouncycastle:bcpg-jdk15Maven
<= 1.46
org.bouncycastle:bcpg-jdk15to18Maven
< 1.841.84
org.bouncycastle:bcpg-jdk15onMaven
<= 1.70
org.bouncycastle:bcpg-jdk16Maven
<= 1.46
org.bouncycastle:bcpg-jdk18onMaven
< 1.841.84

Affected products

30

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.