Sign In

CVE-2026-5588

ADVISORY - github

Summary

: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules).

PKIX draft CompositeVerifier accepts empty signature sequence as valid.

This issue affects BC-JAVA: from 1.49 before 1.84.

EPSS Score: 0.00029 (0.082)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

ADVISORY - github

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in