LDAP Injection in Bouncy Castle bcprov 1.741.84 (LDAPStoreHelper)
CVE-2026-0636 Published on April 15, 2026
LDAP Injection Vulnerability in LDAPStoreHelper.java
Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules).
This vulnerability is associated with program files LDAPStoreHelper.
This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.
Weakness Type
What is a LDAP Injection Vulnerability?
The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
CVE-2026-0636 has been classified to as a LDAP Injection vulnerability or weakness.
Products Associated with CVE-2026-0636
Want to know whenever a new CVE is published for Bouncycastle Bc Java? stack.watch will email you.
Affected Versions
Legion of the Bouncy Castle Inc. BC-JAVA:- Version 1.74 and below 1.80.2 is affected.
- Version 1.81 and below 1.81.1 is affected.
- Version 1.82 and below 1.84 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.