VYPR
High severityGHSA Advisory· Published Apr 15, 2026· Updated Jun 14, 2026

CVE-2026-5598

CVE-2026-5598

Description

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules).

This vulnerability is associated with program files FrodoEngine.Java.

This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.bouncycastle:bcprov-jdk15to18Maven
>= 1.71, < 1.80.21.80.2
org.bouncycastle:bcprov-jdk14Maven
>= 1.81, < 1.81.11.81.1
org.bouncycastle:bcprov-jdk18onMaven
>= 1.82, < 1.841.84

Affected products

111

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.