PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-5598 Legion of the Bouncy Castle Inc. CVE debrief

A covert timing channel vulnerability exists in the Legion of the Bouncy Castle BC-JAVA cryptographic library, specifically within the FrodoEngine implementation. The vulnerability allows attackers to extract sensitive information through timing analysis of cryptographic operations. Affected versions span multiple release branches: 1.71 through 1.80.1, 1.81 through 1.80.1, and 1.82 through 1.84. The vendor has released patched versions 1.80.2 and 1.84 to address this issue. The CVSS 4.0 vector indicates a network attack vector with low attack complexity, no privileges required, and high impact on the confidentiality and integrity of the victim system.

Vendor: Legion of the Bouncy Castle Inc.
Product: BC-JAVA
CVSS: HIGH 8.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-15
Original CVE updated: 2026-05-19
Advisory published: 2026-04-15
Advisory updated: 2026-05-19

Who should care

Organizations deploying post-quantum cryptography with Bouncy Castle BC-JAVA, particularly those using FrodoKEM for key encapsulation. Security teams managing Java applications with cryptographic dependencies. Developers maintaining systems with long-term confidentiality requirements that may be threatened by quantum computing advances.

Technical summary

The vulnerability resides in FrodoEngine.java within the Bouncy Castle Java cryptography library. FrodoEngine implements the FrodoKEM post-quantum key encapsulation mechanism. Covert timing channels in cryptographic implementations typically arise from secret-dependent execution paths or memory access patterns that vary with sensitive key material. The CVSS 4.0 scoring (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N) indicates this is remotely exploitable with low complexity, requiring no privileges or user interaction, with high impact on the confidentiality and integrity of both the vulnerable system and subsequent systems. The vendor's fix commits and dedicated CVE wiki page confirm this is a timing side channel in the FrodoKEM implementation. Organizations using Bouncy Castle for post-quantum cryptography should prioritize patching because of the potential for key material extraction through network-accessible timing analysis.
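The following is an added illustration of the mechanism the summary names (a secret-dependent execution path in a comparison, next to a constant-time version); it is not Bouncy Castle's code and makes no claim about which operation in FrodoEngine was at fault, which this debrief does not detail. The framing assumes the standard FrodoKEM decapsulation step that compares the received ciphertext with a re-encrypted one before selecting the shared secret; the byte arrays are constructed sample data.

```java
import java.security.MessageDigest;
import java.util.Arrays;

/** Secret-dependent early exit versus a constant-time comparison (illustration only). */
public class TimingChannelDemo {

    // Early-exit comparison: the number of loop iterations depends on where the first
    // mismatch sits, so elapsed time reveals information about the secret-derived operand.
    static int leakyCompareSteps(byte[] a, byte[] b) {
        int steps = 0;
        for (int i = 0; i < a.length; i++) {
            steps++;
            if (a[i] != b[i]) return steps;   // secret-dependent branch
        }
        return steps;
    }

    // Constant-time comparison: visits every byte and accumulates differences with OR,
    // so the work done does not depend on the contents of either input.
    static boolean constantTimeEquals(byte[] a, byte[] b) {
        if (a.length != b.length) return false;   // lengths are public for a KEM ciphertext
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) {
        // Constructed sample: stand-ins for the received ciphertext c and the re-encrypted c'
        // that a FrodoKEM-style decapsulation compares before choosing the shared secret.
        byte[] received = new byte[32];
        Arrays.fill(received, (byte) 0x5a);
        byte[] mismatchEarly = received.clone(); mismatchEarly[0] ^= 1;
        byte[] mismatchLate = received.clone();  mismatchLate[31] ^= 1;

        System.out.println("early-exit steps, mismatch at byte 0:  " + leakyCompareSteps(received, mismatchEarly));
        System.out.println("early-exit steps, mismatch at byte 31: " + leakyCompareSteps(received, mismatchLate));
        System.out.println("constant-time equal (early mismatch):  " + constantTimeEquals(received, mismatchEarly));
        System.out.println("constant-time equal (identical):       " + constantTimeEquals(received, received.clone()));
        // The JDK also ships a constant-time comparison (MessageDigest.isEqual, since Java 6u17).
        System.out.println("MessageDigest.isEqual (late mismatch): " + MessageDigest.isEqual(received, mismatchLate));
    }
}
```

The step counts (1 versus 32) make the data-dependent behaviour visible without a stopwatch; in a real implementation the same difference shows up as measurable latency, which is why reviewers look for early exits and secret-indexed memory access in decapsulation code.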

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade BC-JAVA to version 1.80.2 or 1.84 or later to remediate the timing channel vulnerability in FrodoEngine
  • Review applications using Bouncy Castle for post-quantum cryptography (PQC) implementations that may invoke FrodoEngine
  • Monitor cryptographic operation timing in environments where immediate patching is not feasible
  • Assess exposure of PQC key material that may have been processed by affected FrodoEngine versions
  • Verify dependency management tools are configured to exclude vulnerable BC-JAVA versions

Evidence notes

CVE published 2026-04-15; modified 2026-05-19. Vendor advisory and fix commits available via GitHub. NVD status: Awaiting Analysis.
