Is Java affected by CVE-2026-0636?

Bouncy Castle BC-JAVA versions 1.49-1.83 contain a critical LDAP injection vulnerability (CVSS 10.0) that enables unauthenticated remote attackers to compromise confidentiality, integrity, and availability of systems using this widely-deployed cryptographic library.

CVE-2026-0636

EUVD-2026-22849 MEDIUM

2026-04-15 bcorg

Java Ldap Code Injection

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:X/RE:M/U:Amber

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 15, 2026 - 15:22 NVD

CRITICAL MEDIUM

CVSS Changed

Apr 15, 2026 - 15:22 NVD

10.0 (CRITICAL) 5.5 (MEDIUM)

Analysis Generated

Apr 15, 2026 - 12:40 vuln.today

DescriptionNVD

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). LDAP Injection Vulnerability in LDAPStoreHelper.java

This issue affects BC-JAVA: from 1.49 before 1.84.

AnalysisAI

LDAP injection in Bouncy Castle BC-JAVA bcprov module (versions 1.49 through 1.83) allows remote unauthenticated attackers to manipulate LDAP queries via specially crafted input to LDAPStoreHelper.java, enabling complete compromise of confidentiality, integrity, and availability across security boundaries. This critical vulnerability (CVSS 10.0) affects a widely deployed cryptographic library used throughout the Java ecosystem. …

RemediationAI

Within 24 hours: identify all Java applications and dependencies using Bouncy Castle bcprov (versions 1.49-1.83) via software bill of materials (SBOM) or dependency scanning tools; flag systems using LDAP functionality for priority patching. Within 7 days: implement network segmentation to restrict LDAP query traffic to trusted sources only; enable request logging and anomaly detection on LDAP query patterns. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-0636 vulnerability details – vuln.today

Back

CVE-2026-0636

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

CVE-2026-0636

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code