CVE-2026-5598

Published: Apr 15, 2026 Last Modified: Apr 15, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 10,0

Source: 91579145-5d7b-4cc5-b925-a0262ff19630

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules).
Non-constant time comparisons risk private key leakage in FrodoKEM.

This issue affects BC-JAVA: from 2.17.3 before 1.84.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0005

Percentile

0,1th

Updated

EPSS Score Trend (Last 2 Days)

385

Covert Timing Channel

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Other

Potential Impacts:

Read Application Data Other

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Medium

View CWE Details

https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%8…

https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905998

CVE-2026-5598

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 2 Days)

Covert Timing Channel

Common Consequences

Applicable Platforms

Iscriviti alla newsletter