.. _vulnerabilityManagement_securityAdvisory_2026_CVE-2026-5588:

CVE-2026-5588
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Data: 2026-04-22

Severity: Medium

CVSS Score:  6.3 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Amber)

Riferimenti:  

- `https://nvd.nist.gov/vuln/detail/CVE-2026-5588 <https://nvd.nist.gov/vuln/detail/CVE-2026-5588>`_
- `https://ossindex.sonatype.org/vulnerability/CVE-2026-5588 <https://ossindex.sonatype.org/vulnerability/CVE-2026-5588>`_
- `https://github.com/advisories/GHSA-wg6q-6289-32hp <https://github.com/advisories/GHSA-wg6q-6289-32hp>`_

Libreria: org.bouncycastle:bcpkix-jdk18on <= 1.84

**Descrizione**

[CVE-2026-5588] CWE-327: Use of a Broken or Risky Cryptographic Algorithm

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules). This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java. This issue affects BC-JAVA: from 1.67 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11.

**GovWay**

Versione affette:

- 3.3.x: <= 3.3.19.p1
- 3.4.x: <= 3.4.2.p1

Risoluzione:

- 3.3.x: 3.3.20
- 3.4.x: 3.4.3