216.73.217.80

CVE-2026-3505

· Published 15/04/2026 10:16 · Modified 15/04/2026 11:16

Labels: CVE-2026-3505 2026-04-1591579145-5d7b-4cc5-b925-a0262ff19630CVE-2026-3505CWE-400

Essential information

Published
15/04/2026 10:16
Modified
15/04/2026 11:16
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Allocation of resources without limits or throttling vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules).This issue affects BC-JAVA: before 1.84. Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
91579145-5d7b-4cc5-b925-a0262ff19630
NVD
View on NVD

Affected products (CPE)

ProductCPE
legion of the bouncy castle / bc-java bcpg cpe:2.3:a:legion_of_the_bouncy_castle:bc-java_bcpg:<1.84:*:*:*:*:*:*:*

References