CVE-2026-8149
Awaiting Analysis Awaiting Analysis - Queue

Legion of the Bouncy Castle BC-FJA BC-FIPS Buffer Overflow

Vulnerability report for CVE-2026-8149, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-08

Last updated on: 2026-05-19

Assigner: bcorg

Description

A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 before 2.73.11.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-08
Last Modified
2026-05-19
Generated
2026-07-09
AI Q&A
2026-05-08
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
legion_of_the_bouncy_castle_inc bc-fja From 2.1.0 (inc) to 2.1.2 (inc)
legion_of_the_bouncy_castle_inc bc-fips *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1068 The implementation of the product is not consistent with the design as described within the relevant documentation.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects Legion of the Bouncy Castle Inc.'s BC-FJA and BC-FIPS software on Linux systems using X86_64 architecture with AVX and AVX-512f instruction sets. It is related to the program files gcm128w and gcm512w and impacts versions 2.1.0 through 2.1.2 of BC-FJA.

Impact Analysis

The vulnerability has a CVSS v4.0 base score of 5.1, indicating a moderate severity. It involves local attack vector with low complexity and no privileges or user interaction required. The exact impact details are not specified, but given the affected components relate to cryptographic functions (gcm128w, gcm512w), it could potentially affect the security or integrity of cryptographic operations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8149. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart