CVE-2026-5588
Description
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules).
This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java.
This issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.bouncycastle:bcpkix-jdk18on (Maven) | >= 1.49, < 1.84 | 1.84 |
| org.bouncycastle:bcpkix-jdk15to18 (Maven) | >= 1.49, < 1.84 | 1.84 |
| org.bouncycastle:bcpkix-jdk15on (Maven) | >= 1.49, < 1.84 | 1.84 |
| org.bouncycastle:bcpkix-jdk14 (Maven) | >= 1.49, < 1.84 | 1.84 |
| org.bouncycastle:bcpkix-debug-jdk18on (Maven) | >= 1.49, < 1.84 | 1.84 |
| org.bouncycastle:bcpkix-debug-jdk15to18 (Maven) | >= 1.49, < 1.84 | 1.84 |
| org.bouncycastle:bcpkix-debug-jdk14 (Maven) | >= 1.49, < 1.84 | 1.84 |
Affected products
83 affected products.

- Range: >= 1.49, < 1.84
- osv-coords: 82 versions, listed below. No CPE is given for any entry.

| Package URL | Affected range |
|---|---|
| pkg:apk/chainguard/apache-nifi | < 2.9.0-r3 |
| pkg:apk/chainguard/apache-nifi-registry | < 2.9.0-r1 |
| pkg:apk/chainguard/apache-nifi-registry-toolkit | < 2.9.0-r1 |
| pkg:apk/chainguard/apache-pulsar-4.0 | < 4.0.9-r12 |
| pkg:apk/chainguard/apache-pulsar-4.2 | < 4.2.1-r0 |
| pkg:apk/chainguard/camunda-8.8 | < 8.8.22-r1 |
| pkg:apk/chainguard/camunda-8.9 | < 8.9.1-r0 |
| pkg:apk/chainguard/camunda-zeebe-8.7 | < 8.7.28-r0 |
| pkg:apk/chainguard/camunda-zeebe-8.8 | < 8.8.23-r0 |
| pkg:apk/chainguard/camunda-zeebe-8.9 | < 8.9.1-r0 |
| pkg:apk/chainguard/commercial-elasticsearch-8.19 | < 8.19.15-r0 |
| pkg:apk/chainguard/commercial-elasticsearch-9.3 | < 9.3.5-r0 |
| pkg:apk/chainguard/druid | < 36.0.0-r15 |
| pkg:apk/chainguard/elasticsearch-7 | < 7.17.29-r12 |
| pkg:apk/chainguard/elasticsearch-7-iamguarded | < 7.17.29-r12 |
| pkg:apk/chainguard/elasticsearch-8.17 | < 8.17.10-r21 |
| pkg:apk/chainguard/elasticsearch-8.19 | < 8.19.14-r2 |
| pkg:apk/chainguard/elasticsearch-8.19-iamguarded | < 8.19.14-r2 |
| pkg:apk/chainguard/elasticsearch-9.0 | < 9.0.8-r10 |
| pkg:apk/chainguard/elasticsearch-9.0-iamguarded | < 9.0.8-r10 |
| pkg:apk/chainguard/elasticsearch-9.1 | < 9.1.10-r4 |
| pkg:apk/chainguard/elasticsearch-9.1-iamguarded | < 9.1.10-r4 |
| pkg:apk/chainguard/elasticsearch-9.2 | < 9.2.8-r2 |
| pkg:apk/chainguard/elasticsearch-9.2-iamguarded | < 9.2.8-r2 |
| pkg:apk/chainguard/elasticsearch-9.3 | < 9.3.3-r2 |
| pkg:apk/chainguard/elasticsearch-9.3-iamguarded | < 9.3.3-r2 |
| pkg:apk/chainguard/ghidra | < 12.0.4-r2 |
| pkg:apk/chainguard/guacamole-client-extensions | < 1.6.0-r6 |
| pkg:apk/chainguard/hono-adapter-mqtt | < 2.7.0-r11 |
| pkg:apk/chainguard/jenkins-2.555 | < 2.555.2-r3 |
| pkg:apk/chainguard/jenkins-2.555-openjdk-21 | < 2.555.2-r3 |
| pkg:apk/chainguard/jenkins-2.555-openjdk-25 | < 2.555.2-r3 |
| pkg:apk/chainguard/jenkins-2-openjdk-21 | < 2.560-r0 |
| pkg:apk/chainguard/jenkins-2-openjdk-25 | < 2.560-r0 |
| pkg:apk/chainguard/jruby-10.1 | < 10.1.0.0-r1 |
| pkg:apk/chainguard/jruby-9.4 | < 9.4.14.0-r5 |
| pkg:apk/chainguard/kayenta-2025.0 | < 2025.0.8-r11 |
| pkg:apk/chainguard/kayenta-2025.1 | < 2025.1.6-r9 |
| pkg:apk/chainguard/kayenta-2025.2 | < 2025.2.4-r5 |
| pkg:apk/chainguard/kayenta-2025.4 | < 2025.4.3-r6 |
| pkg:apk/chainguard/kayenta-2026.0 | < 2026.0.2-r6 |
| pkg:apk/chainguard/kayenta-fips-2025.0 | < 2025.0.8-r13 |
| pkg:apk/chainguard/kayenta-fips-2025.1 | < 2025.1.6-r10 |
| pkg:apk/chainguard/kayenta-fips-2025.2 | < 2025.2.4-r6 |
| pkg:apk/chainguard/kayenta-fips-2025.4 | < 2025.4.3-r7 |
| pkg:apk/chainguard/kayenta-fips-2026.0 | < 2026.0.2-r7 |
| pkg:apk/chainguard/keycloak-26.6 | < 26.6.1-r4 |
| pkg:apk/chainguard/keycloak-26.6-iamguarded-compat | < 26.6.1-r4 |
| pkg:apk/chainguard/kserve-modelmesh | < 0.12.0-r31 |
| pkg:apk/chainguard/nacos | < 3.2.0-r7 |
| pkg:apk/chainguard/nacos-docker | < 3.2.1-r0 |
| pkg:apk/chainguard/opensearch-2-security | < 2.19.4-r14 |
| pkg:apk/chainguard/thingsboard-tb-mqtt-transport | < 4.3.1.2-r0 |
| pkg:apk/chainguard/thingsboard-tb-node | < 4.3.1.2-r0 |
| pkg:apk/chainguard/wildfly-openjdk-17 | < 39.0.1-r5 |
| pkg:apk/chainguard/wildfly-openjdk-21 | < 39.0.1-r5 |
| pkg:apk/chainguard/wso2is | < 7.3.0-r0 |
| pkg:apk/wolfi/apache-nifi | < 2.9.0-r3 |
| pkg:apk/wolfi/apache-nifi-registry | < 2.9.0-r1 |
| pkg:apk/wolfi/apache-nifi-registry-toolkit | < 2.9.0-r1 |
| pkg:apk/wolfi/apache-pulsar-4.2 | < 4.2.1-r0 |
| pkg:apk/wolfi/druid | < 36.0.0-r15 |
| pkg:apk/wolfi/jenkins-2-openjdk-21 | < 2.560-r0 |
| pkg:apk/wolfi/jenkins-2-openjdk-25 | < 2.560-r0 |
| pkg:apk/wolfi/jruby-10.1 | < 10.1.0.0-r1 |
| pkg:apk/wolfi/jruby-9.4 | < 9.4.14.0-r5 |
| pkg:apk/wolfi/keycloak-26.6 | < 26.6.1-r4 |
| pkg:apk/wolfi/keycloak-26.6-iamguarded-compat | < 26.6.1-r4 |
| pkg:apk/wolfi/kserve-modelmesh | < 0.12.0-r31 |
| pkg:apk/wolfi/opensearch-2-security | < 2.19.4-r14 |
| pkg:apk/wolfi/thingsboard-tb-mqtt-transport | < 4.3.1.2-r0 |
| pkg:apk/wolfi/thingsboard-tb-node | < 4.3.1.2-r0 |
| pkg:apk/wolfi/wildfly-openjdk-17 | < 39.0.1-r5 |
| pkg:apk/wolfi/wildfly-openjdk-21 | < 39.0.1-r5 |
| pkg:maven/org.bouncycastle/bcpkix-debug-jdk14 | >= 1.49, < 1.84 |
| pkg:maven/org.bouncycastle/bcpkix-debug-jdk15to18 | >= 1.49, < 1.84 |
| pkg:maven/org.bouncycastle/bcpkix-debug-jdk18on | >= 1.49, < 1.84 |
| pkg:maven/org.bouncycastle/bcpkix-jdk14 | >= 1.49, < 1.84 |
| pkg:maven/org.bouncycastle/bcpkix-jdk15on | >= 1.49, < 1.84 |
| pkg:maven/org.bouncycastle/bcpkix-jdk15to18 | >= 1.49, < 1.84 |
| pkg:maven/org.bouncycastle/bcpkix-jdk18on | >= 1.49, < 1.84 |
| pkg:rpm/opensuse/bouncycastle&distro=openSUSE%20Tumbleweed | < 1.84-1.1 |