CVE-2026-5588

Data: 2026-04-22

Severity: Medium

CVSS Score: 6.3 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Amber)

Riferimenti:

• https://nvd.nist.gov/vuln/detail/CVE-2026-5588

• https://ossindex.sonatype.org/vulnerability/CVE-2026-5588

• https://github.com/advisories/GHSA-wg6q-6289-32hp

Libreria: org.bouncycastle:bcpkix-jdk18on <= 1.84

Descrizione

[CVE-2026-5588] CWE-327: Use of a Broken or Risky Cryptographic Algorithm

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules). This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java. This issue affects BC-JAVA: from 1.67 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11.

GovWay

Versione affette:

• 3.3.x: <= 3.3.19.p1

• 3.4.x: <= 3.4.2.p1

Risoluzione:

• 3.3.x: 3.3.20

• 3.4.x: 3.4.3