CVE-2026-0636 Java — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	5.5 (MEDIUM)
Affected Versions	before 1.84.
Type	CWE-90
Vendor	Java
Public PoC	No

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper.

This issue affects BC-JAVA: from 1.74 before 1.84.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-90

References 2

https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde

91579145-5d7b-4cc5-b925-a0262ff19630

https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636

91579145-5d7b-4cc5-b925-a0262ff19630

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33207

Java

8.6

CVE-2026-5598

Java

10.0

CVE-2026-5588

Java

6.3

CVE-2026-3505

Java

8.7

CVE-2025-14813

Java

9.3

Menu

CVE-2026-0636

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-33207

CVE-2026-5598

CVE-2026-5588

CVE-2026-3505

CVE-2025-14813

CVE Details

Editor's Choice

Menu

CVE-2026-0636

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-33207

CVE-2026-5598

CVE-2026-5588

CVE-2026-3505

CVE-2025-14813

CVE Details

Editor's Choice

Stay informed on cybersecurity