CVE-2026-5598
org.bouncycastle : bcprov-jdk18on : 1.84
Issue
CVE-2026-5598
Severity
Sonatype CVSS 410.0
Weakness
CVE CWE385
Source
National Vulnerability Database
Categories
Data
Description from CVE
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). Non-constant time comparisons risk private key leakage in FrodoKEM. This issue affects BC-JAVA: from 2.17.3 before 1.84.
Explanation
This issue has undergone the Sonatype Fast-Track process. For more information, please see the Sonatype Knowledge Base Guide.
Version Affected
[1.71,1.84]
Root Cause
bcprov-jdk18on-1.84.jar( , )
Advisories
Projecthttps://access.redhat.com/security/cve/cve-2026-5598
CVE-2026-5598
org.bouncycastle : bcprov-jdk18on : 1.84
Issue
CVE-2026-5598
Severity
Sonatype CVSS 410.0
Weakness
CVE CWE385
Source
National Vulnerability Database
Categories
Data
Description from CVE
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). Non-constant time comparisons risk private key leakage in FrodoKEM. This issue affects BC-JAVA: from 2.17.3 before 1.84.
Explanation
This issue has undergone the Sonatype Fast-Track process. For more information, please see the Sonatype Knowledge Base Guide.
Version Affected
[1.71,1.84]
Root Cause
bcprov-jdk18on-1.84.jar( , )
Advisories
Projecthttps://access.redhat.com/security/cve/cve-2026-5598