QwikSec

Security Database

CVE

CWE

Training

CVE-2026-0636

Published: Apr 15, 2026

Modified: May 18, 2026

PUBLISHED

Description

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.

Vendor	Product	Versions
Legion of the Bouncy Castle Inc.	BC-JAVA	affected `1.74 - < 1.80.2` affected `1.81 - < 1.81.1` affected `1.82 - < 1.84`

Weaknesses (CWE)

References

https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636

vendor-advisory

https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.