HIGH
bitcoinj
CVE published 2026-05-15
CVE-2026-44714
A signature verification bypass in bitcoinj versions prior to 0.17.1 allows attackers to satisfy local transaction validation for arbitrary P2PKH and P2WPKH outputs using any valid keypair, without proving ownership of the committed public key hash. The vulnerability exists in ScriptExecution.correctlySpends() where fast-path verification branches for standard P2PKH and native P2WPKH spends verify the att [truncated]