New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
UNKNOWN Maven

Bouncy Castle Has Covert Timing Channel Vulnerability

GHSA-p93r-85wp-75v3 · CVE-2026-5598

Published · Modified

Description

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java.

This issue only affects users of the FrodoKEM algorithm involved in the decryption of encapsulations.

This issue affects BC-JAVA: from 1.71 to 1.80.1, 1.81, 1.82 to 1.83.

Fixed versions: 1.80.2, 1.81.1, 1.84

Ready to move

Start Securing

Free, no credit card | First findings in minutes