CVE-2026-0636
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk41th percentile - higher than 41% of all known CVEs
Summary
An LDAP injection vulnerability in the Legion of the Bouncy Castle Inc. BC-JAVA bcprov library affects all prov modules. The issue is associated with the LDAPStoreHelper program files.
Risk Assessment
An attacker can exploit this vulnerability to gain unauthorized access to LDAP directory data, potentially leading to sensitive information disclosure or privilege escalation within the organization.
Recommendation
Immediately update the BC-JAVA library to version 1.80.2, 1.81.1, or 1.84 depending on the branch in use to remediate the LDAP injection vulnerability.
Original NVD description (English source)
Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.

