GHSA-c3fc-8qff-9hwx

Suggest an improvement
Source
https://github.com/advisories/GHSA-c3fc-8qff-9hwx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-c3fc-8qff-9hwx/GHSA-c3fc-8qff-9hwx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-c3fc-8qff-9hwx
Aliases
  • CVE-2026-0636
Downstream
Related
Published
2026-04-17T18:31:50Z
Modified
2026-04-18T19:44:23.059931751Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/RE:M/U:Amber CVSS Calculator
Summary
Bouncy Castle has an LDAP injection
Details

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper.

This issue affects BC-JAVA: from 1.74 before 1.84.

Database specific 
{
    "github_reviewed": true,
    "nvd_published_at": "2026-04-15T10:16:38Z",
    "github_reviewed_at": "2026-04-18T01:06:02Z",
    "cwe_ids": [
        "CWE-90"
    ],
    "severity": "MODERATE"
}
References

Affected packages

Maven / org.bouncycastle:bcprov-jdk14

Package

Name
org.bouncycastle:bcprov-jdk14
View open source insights on deps.dev
Purl
pkg:maven/org.bouncycastle/bcprov-jdk14

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.74
Fixed
1.84

Affected versions

1.*
1.74
1.75
1.76
1.77
1.78
1.78.1
1.79
1.80
1.81
1.82
1.83

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-c3fc-8qff-9hwx/GHSA-c3fc-8qff-9hwx.json"

Maven / org.bouncycastle:bcprov-jdk15to18

Package

Name
org.bouncycastle:bcprov-jdk15to18
View open source insights on deps.dev
Purl
pkg:maven/org.bouncycastle/bcprov-jdk15to18

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.74
Fixed
1.84

Affected versions

1.*
1.74
1.75
1.76
1.77
1.78
1.78.1
1.79
1.80
1.81
1.82
1.83

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-c3fc-8qff-9hwx/GHSA-c3fc-8qff-9hwx.json"

Maven / org.bouncycastle:bcprov-jdk18on

Package

Name
org.bouncycastle:bcprov-jdk18on
View open source insights on deps.dev
Purl
pkg:maven/org.bouncycastle/bcprov-jdk18on

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.74
Fixed
1.84

Affected versions

1.*
1.74
1.75
1.76
1.77
1.78
1.78.1
1.79
1.80
1.81
1.82
1.83

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-c3fc-8qff-9hwx/GHSA-c3fc-8qff-9hwx.json"