CVSS Vector (NVD)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:X/RE:M/U:Amber
Description (NVD)
Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). LDAP Injection Vulnerability in LDAPStoreHelper.java
This issue affects BC-JAVA: from 1.49 before 1.84.
Analysis (AI)
LDAP injection in Bouncy Castle BC-JAVA bcprov module (versions 1.49 through 1.83) allows remote unauthenticated attackers to manipulate LDAP queries via specially crafted input to LDAPStoreHelper.java, enabling complete compromise of confidentiality, integrity, and availability across security boundaries. This critical vulnerability (CVSS 10.0) affects a widely deployed cryptographic library used throughout the Java ecosystem. …
Remediation (AI)
Within 24 hours: identify all Java applications and dependencies using Bouncy Castle bcprov (versions 1.49-1.83) via software bill of materials (SBOM) or dependency scanning tools; flag systems using LDAP functionality for priority patching. Within 7 days: implement network segmentation to restrict LDAP query traffic to trusted sources only; enable request logging and anomaly detection on LDAP query patterns. …
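One way to do the SBOM-based identification step described above, as an added example that is not part of the original page or of any Bouncy Castle tooling. It assumes a CycloneDX-style JSON SBOM; the sample SBOM is constructed, the function names are hypothetical, and classification is by version number only, using the range stated on this page.

```python
import json
import re

# Affected range as stated on this page: from 1.49 before 1.84.
FIRST_AFFECTED, FIRST_FIXED = (1, 49), (1, 84)

# Constructed CycloneDX-style SBOM (sample data, not from a real system).
SAMPLE_SBOM = json.dumps({"bomFormat": "CycloneDX", "components": [
    {"group": "org.bouncycastle", "name": "bcprov-jdk18on", "version": "1.78.1"},
    {"group": "org.bouncycastle", "name": "bcprov-jdk15on", "version": "1.49"},
    {"group": "org.bouncycastle", "name": "bcprov-jdk18on", "version": "1.84"},
    {"group": "org.bouncycastle", "name": "bcpkix-jdk18on", "version": "1.78.1"},
    {"group": "com.example", "name": "app", "version": "2.0", "components": [
        {"group": "org.bouncycastle", "name": "bcprov-jdk15on", "version": "1.70"},
        {"group": "org.bouncycastle", "name": "bcprov-jdk18on", "version": "unknown"},
    ]},
]})


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not purely numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", text or ""):
        return None
    return tuple(int(part) for part in text.split("."))


def walk(components):
    """Yield every component, including nested ones (e.g. jars bundled in an app)."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))


def find_bcprov(sbom_text):
    """Classify each bcprov component as 'affected', 'ok' or 'review'."""
    findings = []
    for comp in walk(json.loads(sbom_text).get("components")):
        name = comp.get("name", "")
        if not name.startswith("bcprov"):
            continue  # other Bouncy Castle modules (bcpkix, ...) are out of scope here
        version = parse_version(comp.get("version"))
        if version is None:
            status = "review"  # unparseable version: check the jar by hand
        elif FIRST_AFFECTED <= version < FIRST_FIXED:
            status = "affected"
        else:
            status = "ok"
        findings.append((name, comp.get("version"), status))
    return findings
```

Components that come back as `review` need a manual check of the jar, since a missing or non-numeric version says nothing about whether the copy is in range.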
EUVD-2026-22849