Question 1

What is CVE-2026-5598 — CVE-2026-5598?

Accepted Answer

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.

Question 2

What is the authoritative source for CVE-2026-5598?

Accepted Answer

CVE-2026-5598 (CVE-2026-5598) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

EPSS	0.51% probability of exploitation · percentile 39.5% · 2026-06-19T12:03:05Z
Last modified	2026-06-14

CVE-2026-5598CVE-2026-5598

Description

Scoring