CVE-2026-5598
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc
Published: 2026-04-15 · Last updated: 2026-05-19
Severity and scoring
- CWE
- CWE-385
Description
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-6478 — Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials su... (6.5 MEDIUM)
- CVE-2025-9231 — Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm impleme... (6.5 MEDIUM)
- CVE-2025-49087 — In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plai... (4.0 MEDIUM)
- CVE-2024-23170 — An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 (5.5 MEDIUM)