CVE-2026-5588 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-5588 PUBLISHED CVSS 6.300000190734863 MEDIUM

: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules). PKIX draft CompositeVerifier accepts empty signature sequence as valid. This issue affects BC-JAVA: from 1.49 before 1.84.

EPSS 0.03% · 8.2th percentile

Risk Scores

CVSS v4.0

6.300000190734863

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Green

EPSS Score

0.03%

8.2th percentile

Affected Products

Vendor	Product	Versions
Legion of the Bouncy Castle Inc.	BC-JAVA	1.67

Timeline

Apr 15, 2026 CVE Published
Apr 15, 2026 PoC Published
Apr 16, 2026 CVE Updated
Apr 16, 2026 EPSS Score
Apr 16, 2026 Security Advisory
May 6, 2026 Distribution Patch
May 6, 2026 Security Advisory
May 6, 2026 Distribution Patch
May 6, 2026 Security Advisory
May 6, 2026 Distribution Patch
May 6, 2026 Security Advisory
May 6, 2026 Distribution Patch

References

Open in Interactive Console →