CVE-2026-8149 is a medium-severity issue in Legion of the Bouncy Castle Inc. BC-LTS that affects Linux x86_64 builds using AVX or AVX-512f-specific GCM program files. The supplied NVD record shows a local attack surface, low attack complexity, and low availability impact. Systems running BC-LTS from 2.73.0 through 2.73.10 should be treated as affected until upgraded.
HIGHLegion of the Bouncy Castle Inc.CVE published 2026-04-15
CVE-2026-3505 is a high-severity availability issue in the BC-JAVA bcpg module from Legion of the Bouncy Castle Inc. The NVD record describes an "allocation of resources without limits or throttling" weakness affecting AEAD-related processing paths. In practical defensive terms, software that accepts untrusted PGP or AEAD input through bcpg should be treated as exposed to resource-exhaustion risk until patched.
