High severityGHSA Advisory· Published Apr 15, 2026· Updated Jun 14, 2026
CVE-2026-5598
CVE-2026-5598
Description
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules).
This vulnerability is associated with program files FrodoEngine.Java.
This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.bouncycastle:bcprov-jdk15to18Maven | >= 1.71, < 1.80.2 | 1.80.2 |
org.bouncycastle:bcprov-jdk14Maven | >= 1.81, < 1.81.1 | 1.81.1 |
org.bouncycastle:bcprov-jdk18onMaven | >= 1.82, < 1.84 | 1.84 |
Affected products
111- Range: >= 1.71, < 1.84
- osv-coords110 versionspkg:apk/chainguard/apache-hoppkg:apk/chainguard/apache-nifipkg:apk/chainguard/apache-pulsar-4.0pkg:apk/chainguard/apache-pulsar-4.1pkg:apk/chainguard/apache-pulsar-4.2pkg:apk/chainguard/camunda-zeebe-8.6pkg:apk/chainguard/commercial-elasticsearch-8.17pkg:apk/chainguard/commercial-elasticsearch-8.19pkg:apk/chainguard/commercial-elasticsearch-9.1pkg:apk/chainguard/commercial-elasticsearch-9.2pkg:apk/chainguard/commercial-elasticsearch-9.3pkg:apk/chainguard/druidpkg:apk/chainguard/elasticsearch-7pkg:apk/chainguard/elasticsearch-7-iamguardedpkg:apk/chainguard/elasticsearch-8.17pkg:apk/chainguard/elasticsearch-8.19pkg:apk/chainguard/elasticsearch-8.19-iamguardedpkg:apk/chainguard/elasticsearch-9.0pkg:apk/chainguard/elasticsearch-9.0-iamguardedpkg:apk/chainguard/elasticsearch-9.1pkg:apk/chainguard/elasticsearch-9.1-iamguardedpkg:apk/chainguard/elasticsearch-9.2pkg:apk/chainguard/elasticsearch-9.2-iamguardedpkg:apk/chainguard/elasticsearch-9.3pkg:apk/chainguard/elasticsearch-9.3-iamguardedpkg:apk/chainguard/geoserver-2.27pkg:apk/chainguard/geoserver-2.28pkg:apk/chainguard/ghidrapkg:apk/chainguard/gradle-8pkg:apk/chainguard/gradle-9pkg:apk/chainguard/hadoop-fips-3.4.2pkg:apk/chainguard/jenkins-2.528-openjdk-17pkg:apk/chainguard/jenkins-2.528-openjdk-21pkg:apk/chainguard/jenkins-2.555pkg:apk/chainguard/jenkins-2.555-openjdk-21pkg:apk/chainguard/jenkins-2.555-openjdk-25pkg:apk/chainguard/jenkins-2-openjdk-21pkg:apk/chainguard/jenkins-2-openjdk-25pkg:apk/chainguard/jruby-10.1pkg:apk/chainguard/jruby-9.4pkg:apk/chainguard/kayenta-2025.2pkg:apk/chainguard/kayenta-2025.4pkg:apk/chainguard/kayenta-2026.0pkg:apk/chainguard/kayenta-fips-2025.2pkg:apk/chainguard/kayenta-fips-2025.4pkg:apk/chainguard/kayenta-fips-2026.0pkg:apk/chainguard/keycloak-26.6pkg:apk/chainguard/keycloak-26.6-iamguarded-compatpkg:apk/chainguard/kserve-modelmeshpkg:apk/chainguard/logstash-8.19pkg:apk/chainguard/logstash-8.19-iamguarded-compatpkg:apk/chainguard/logstash-8.19-with-output-opensearchpkg:apk/chainguard/logstash-9.1pkg:apk/chainguard/logstash-9.1-bitnami-compatpkg:apk/chainguard/logstash-9.1-iamguarded-compatpkg:apk/chainguard/logstash-9.1-with-output-opensearchpkg:apk/chainguard/logstash-9.3pkg:apk/chainguard/logstash-9.3-iamguarded-compatpkg:apk/chainguard/opensearch-2-securitypkg:apk/chainguard/pinotpkg:apk/chainguard/pinot-fipspkg:apk/chainguard/ruby3.2-bouncy-castle-javapkg:apk/chainguard/ruby3.3-bouncy-castle-javapkg:apk/chainguard/ruby3.4-bouncy-castle-javapkg:apk/chainguard/ruby4.0-bouncy-castle-javapkg:apk/chainguard/sonarqubepkg:apk/chainguard/spark-4.0-scala-2.13pkg:apk/chainguard/thingsboard-tb-mqtt-transportpkg:apk/chainguard/thingsboard-tb-nodepkg:apk/chainguard/wildfly-openjdk-17pkg:apk/chainguard/wildfly-openjdk-21pkg:apk/chainguard/wso2ispkg:apk/chainguard/zipkinpkg:apk/chainguard/zipkin-slimpkg:apk/wolfi/apache-nifipkg:apk/wolfi/apache-pulsar-4.1pkg:apk/wolfi/apache-pulsar-4.2pkg:apk/wolfi/druidpkg:apk/wolfi/gradle-8pkg:apk/wolfi/gradle-9pkg:apk/wolfi/jenkins-2-openjdk-21pkg:apk/wolfi/jenkins-2-openjdk-25pkg:apk/wolfi/jruby-10.1pkg:apk/wolfi/jruby-9.4pkg:apk/wolfi/keycloak-26.6pkg:apk/wolfi/keycloak-26.6-iamguarded-compatpkg:apk/wolfi/kserve-modelmeshpkg:apk/wolfi/logstash-9.1pkg:apk/wolfi/logstash-9.1-bitnami-compatpkg:apk/wolfi/logstash-9.1-iamguarded-compatpkg:apk/wolfi/logstash-9.1-with-output-opensearchpkg:apk/wolfi/logstash-9.3pkg:apk/wolfi/logstash-9.3-iamguarded-compatpkg:apk/wolfi/opensearch-2-securitypkg:apk/wolfi/ruby3.2-bouncy-castle-javapkg:apk/wolfi/ruby3.3-bouncy-castle-javapkg:apk/wolfi/ruby3.4-bouncy-castle-javapkg:apk/wolfi/ruby4.0-bouncy-castle-javapkg:apk/wolfi/sonarqubepkg:apk/wolfi/spark-4.0-scala-2.13pkg:apk/wolfi/thingsboard-tb-mqtt-transportpkg:apk/wolfi/thingsboard-tb-nodepkg:apk/wolfi/wildfly-openjdk-17pkg:apk/wolfi/wildfly-openjdk-21pkg:apk/wolfi/zipkinpkg:apk/wolfi/zipkin-slimpkg:maven/org.bouncycastle/bcprov-jdk14pkg:maven/org.bouncycastle/bcprov-jdk15to18pkg:maven/org.bouncycastle/bcprov-jdk18onpkg:rpm/opensuse/bouncycastle&distro=openSUSE%20Tumbleweed
< 2.17.0-r9+ 109 more
- (no CPE)range: < 2.17.0-r9
- (no CPE)range: < 2.9.0-r3
- (no CPE)range: < 4.0.10-r0
- (no CPE)range: < 4.1.3-r14
- (no CPE)range: < 4.2.1-r0
- (no CPE)range: < 8.6.39-r3
- (no CPE)range: < 8.17.10-r2
- (no CPE)range: < 8.19.15-r0
- (no CPE)range: < 9.1.10-r0
- (no CPE)range: < 9.2.8-r1
- (no CPE)range: < 9.3.5-r0
- (no CPE)range: < 36.0.0-r15
- (no CPE)range: < 7.17.29-r12
- (no CPE)range: < 7.17.29-r12
- (no CPE)range: < 8.17.10-r21
- (no CPE)range: < 8.19.14-r2
- (no CPE)range: < 8.19.14-r2
- (no CPE)range: < 9.0.8-r10
- (no CPE)range: < 9.0.8-r10
- (no CPE)range: < 9.1.10-r4
- (no CPE)range: < 9.1.10-r4
- (no CPE)range: < 9.2.8-r2
- (no CPE)range: < 9.2.8-r2
- (no CPE)range: < 9.3.3-r2
- (no CPE)range: < 9.3.3-r2
- (no CPE)range: < 2.27.5-r5
- (no CPE)range: < 2.28.3-r3
- (no CPE)range: < 12.0.4-r2
- (no CPE)range: < 8.14.4-r4
- (no CPE)range: < 9.4.1-r2
- (no CPE)range: < 3.4.2-r2
- (no CPE)range: < 2.528.3-r4
- (no CPE)range: < 2.528.3-r4
- (no CPE)range: < 2.555.2-r3
- (no CPE)range: < 2.555.2-r3
- (no CPE)range: < 2.555.2-r3
- (no CPE)range: < 2.560-r0
- (no CPE)range: < 2.560-r0
- (no CPE)range: < 10.1.0.0-r1
- (no CPE)range: < 9.4.14.0-r5
- (no CPE)range: < 2025.2.4-r5
- (no CPE)range: < 2025.4.3-r7
- (no CPE)range: < 2026.0.2-r7
- (no CPE)range: < 2025.2.4-r6
- (no CPE)range: < 2025.4.3-r8
- (no CPE)range: < 2026.0.2-r8
- (no CPE)range: < 26.6.1-r4
- (no CPE)range: < 26.6.1-r4
- (no CPE)range: < 0.12.0-r31
- (no CPE)range: < 8.19.16-r0
- (no CPE)range: < 8.19.16-r0
- (no CPE)range: < 8.19.16-r0
- (no CPE)range: < 9.1.10-r8
- (no CPE)range: < 9.1.10-r8
- (no CPE)range: < 9.1.10-r8
- (no CPE)range: < 9.1.10-r8
- (no CPE)range: < 9.3.5-r1
- (no CPE)range: < 9.3.5-r1
- (no CPE)range: < 2.19.4-r14
- (no CPE)range: < 1.5.0-r21
- (no CPE)range: < 1.5.0-r11
- (no CPE)range: < 1.5.0146.1-r8
- (no CPE)range: < 1.5.0146.1-r6
- (no CPE)range: < 1.5.0146.1-r7
- (no CPE)range: < 1.5.0146.1-r3
- (no CPE)range: < 26.6.0.123539-r0
- (no CPE)range: < 4.0.2-r11
- (no CPE)range: < 4.3.1.2-r0
- (no CPE)range: < 4.3.1.2-r0
- (no CPE)range: < 39.0.1-r5
- (no CPE)range: < 39.0.1-r5
- (no CPE)range: < 7.3.0-r0
- (no CPE)range: < 3.6.1-r12
- (no CPE)range: < 3.6.1-r12
- (no CPE)range: < 2.9.0-r3
- (no CPE)range: < 4.1.3-r14
- (no CPE)range: < 4.2.1-r0
- (no CPE)range: < 36.0.0-r15
- (no CPE)range: < 8.14.4-r4
- (no CPE)range: < 9.4.1-r2
- (no CPE)range: < 2.560-r0
- (no CPE)range: < 2.560-r0
- (no CPE)range: < 10.1.0.0-r1
- (no CPE)range: < 9.4.14.0-r5
- (no CPE)range: < 26.6.1-r4
- (no CPE)range: < 26.6.1-r4
- (no CPE)range: < 0.12.0-r31
- (no CPE)range: < 9.1.10-r8
- (no CPE)range: < 9.1.10-r8
- (no CPE)range: < 9.1.10-r8
- (no CPE)range: < 9.1.10-r8
- (no CPE)range: < 9.3.5-r1
- (no CPE)range: < 9.3.5-r1
- (no CPE)range: < 2.19.4-r14
- (no CPE)range: < 1.5.0146.1-r8
- (no CPE)range: < 1.5.0146.1-r6
- (no CPE)range: < 1.5.0146.1-r7
- (no CPE)range: < 1.5.0146.1-r3
- (no CPE)range: < 26.6.0.123539-r0
- (no CPE)range: < 4.0.2-r11
- (no CPE)range: < 4.3.1.2-r0
- (no CPE)range: < 4.3.1.2-r0
- (no CPE)range: < 39.0.1-r5
- (no CPE)range: < 39.0.1-r5
- (no CPE)range: < 3.6.1-r12
- (no CPE)range: < 3.6.1-r12
- (no CPE)range: >= 1.71, < 1.84
- (no CPE)range: >= 1.71, < 1.84
- (no CPE)range: >= 1.71, < 1.84
- (no CPE)range: < 1.84-1.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.