Skip to main content

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') in org.bouncycastle:bcprov-jdk14

CVE-2026-0636

  • org.bouncycastle:bcprov-jdk14
  • org.bouncycastle:bcprov-jdk18on
  • org.bouncycastle:bcprov-jdk15to18
Severity Medium
Score 5.5/10

Summary

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

References

Advisory Timeline

  • Published