QwikSec

Security Database

CVE

CWE

Training

CVE-2026-5598

Published: Apr 15, 2026

Modified: May 18, 2026

PUBLISHED

Description

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84.

Vendor	Product	Versions
Legion of the Bouncy Castle Inc.	BC-JAVA	affected `1.71 - < 1.80.2` affected `1.81 - < 1.80.1` affected `1.82 - < 1.84`

Weaknesses (CWE)

References

https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905598

vendor-advisory

https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87

patch

https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2026-5598 - Security Vulnerability | QwikSec