CVE Catalog

CVE-2026-0636

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.53%

41th percentile - higher than 41% of all known CVEs

Summary

An LDAP injection vulnerability in the Legion of the Bouncy Castle Inc. BC-JAVA bcprov library affects all prov modules. The issue is associated with the LDAPStoreHelper program files.

Risk Assessment

An attacker can exploit this vulnerability to gain unauthorized access to LDAP directory data, potentially leading to sensitive information disclosure or privilege escalation within the organization.

Recommendation

Immediately update the BC-JAVA library to version 1.80.2, 1.81.1, or 1.84 depending on the branch in use to remediate the LDAP injection vulnerability.

Original NVD description (English source)

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS