New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
UNKNOWN Maven

Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules

GHSA-wg6q-6289-32hp · CVE-2026-5588

Published · Modified

Description

: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules).

PKIX draft CompositeVerifier accepts empty signature sequence as valid.

This issue affects BC-JAVA: from 1.49 before 1.84.

Ready to move

Start Securing

Free, no credit card | First findings in minutes