CVE-2026-0636

Date: 2026-04-22

Severity: Medium

CVSS Score: 5.5 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/S:N/AU:Y/R:A/RE:M/U:Amber)

References:

Library: org.bouncycastle:bcprov-jdk18on <= 1.84

Description

[CVE-2026-0636] CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (“LDAP Injection”)

Improper neutralization of special elements used in an LDAP query (“LDAP injection”) vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.84.
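The weakness class named above (CWE-90), shown as an added example: this is not code from Bouncy Castle or GovWay and does not reproduce LDAPStoreHelper. It contrasts a search filter built by plain concatenation with one whose value is escaped per RFC 4515; the class name, method names and sample values are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

// Hypothetical helper class, not part of bcprov or GovWay.
public class LdapFilterEscapeExample {

    // Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
    // '*', '(', ')', '\' and NUL must be written as a backslash plus two hex digits.
    // Non-ASCII octets are hex-escaped as well, which RFC 4515 permits for any octet.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            if (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c >= 0x80) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // Weak pattern: the value can close the assertion and append filter syntax.
    static String naiveFilter(String attr, String value) {
        return "(" + attr + "=" + value + ")";
    }

    // Hardened pattern: the value is neutralized before it reaches the filter.
    // The attribute name is expected to be a fixed constant, never request data.
    static String safeFilter(String attr, String value) {
        return "(" + attr + "=" + escapeFilterValue(value) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample values: a benign name, a value carrying filter
        // metacharacters, and a non-ASCII value with a wildcard character.
        String[] samples = { "Example CA", "x)(objectClass=*", "caf\u00e9*" };
        for (String s : samples) {
            System.out.println("input : " + s);
            System.out.println("naive : " + naiveFilter("cn", s));
            System.out.println("safe  : " + safeFilter("cn", s));
            System.out.println();
        }
    }
}
```

For the second sample the concatenated filter contains two assertions, while the escaped filter remains a single equality match on the literal value.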

GovWay

Affected versions:

  • 3.3.x: <= 3.3.19.p1

  • 3.4.x: <= 3.4.2.p1

Resolution:

  • 3.3.x: 3.3.20

  • 3.4.x: 3.4.3