Covert Timing Channel

CVE-2026-5598

High

8.9/10

Summary

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). Non-constant time comparisons risk private key leakage in FrodoKEM. This issue affects BC-JAVA: from 1.71 prior to 1.84.

Attack Complexity: LOW
Attack Vector: NETWORK
User Interaction: NONE
Privileges Required: NONE

CWE-385 - Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

References

Advisory

Advisory Timeline

Published Apr 15, 2026

Covert Timing Channel

CVE-2026-5598

Summary

CWE-385 - Covert Timing Channel

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS