Vulnerability-Lookup

CVE-2026-5588 (GCVE-0-2026-5588)

Vulnerability from cvelistv5 – Published: 2026-04-15 09:06 – Updated: 2026-05-18 23:22

Title

PKIX draft CompositeVerifier accepts empty signature sequence as valid.

Summary

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules). This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java. This issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11.

Severity

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Amber

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Assigner

bcorg

References

2 references

URL	Tags
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%9…	vendor-advisory
https://github.com/bcgit/bc-java/commit/656bae0db…	patch

Impacted products

3 products

Vendor	Product	Version
Legion of the Bouncy Castle Inc.	BC-JAVA	Affected: 1.67 , < 1.80.2 (maven) Affected: 1.81 , < 1.81.1 (maven) Affected: 1.82 , < 1.84 (maven)
Legion of the Bouncy Castle Inc.	BCPKIX-FIPS	Affected: 2.0.6 , < 2.0.11 (maven) Affected: 2.1.7 , < 2.1.11 (maven)
Legion of the Bouncy Castle Inc.	BCPIX-LTS	Affected: 2.73.7 , < 2.73.11 (maven)

Credits

Nicholas Carlini using Claude, Anthropic

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T19:35:32.235455Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-15T19:35:40.662Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.bouncycastle.org/download/bouncy-castle-java/",
          "defaultStatus": "unaffected",
          "modules": [
            "pkix"
          ],
          "packageName": "bcpkix",
          "platforms": [
            "all"
          ],
          "product": "BC-JAVA",
          "programFiles": [
            "JcaContentVerifierProviderBuilder.java"
          ],
          "repo": "https://github.com/bcgit/bc-java",
          "vendor": "Legion of the Bouncy Castle Inc.",
          "versions": [
            {
              "lessThan": "1.80.2",
              "status": "affected",
              "version": "1.67",
              "versionType": "maven"
            },
            {
              "lessThan": "1.81.1",
              "status": "affected",
              "version": "1.81",
              "versionType": "maven"
            },
            {
              "lessThan": "1.84",
              "status": "affected",
              "version": "1.82",
              "versionType": "maven"
            }
          ]
        },
        {
          "collectionURL": "https://www.bouncycastle.org/download/bouncy-castle-java-fips/",
          "defaultStatus": "unaffected",
          "modules": [
            "pkix"
          ],
          "packageName": "bcpkix",
          "platforms": [
            "All"
          ],
          "product": "BCPKIX-FIPS",
          "programFiles": [
            "JcaContentVerifierProviderBuilder.java"
          ],
          "repo": "https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-fips/",
          "vendor": "Legion of the Bouncy Castle Inc.",
          "versions": [
            {
              "lessThan": "2.0.11",
              "status": "affected",
              "version": "2.0.6",
              "versionType": "maven"
            },
            {
              "lessThan": "2.1.11",
              "status": "affected",
              "version": "2.1.7",
              "versionType": "maven"
            }
          ]
        },
        {
          "collectionURL": "https://www.bouncycastle.org/download/bouncy-castle-java-lts/",
          "defaultStatus": "unaffected",
          "modules": [
            "pkix"
          ],
          "packageName": "bcpkix",
          "platforms": [
            "All"
          ],
          "product": "BCPIX-LTS",
          "programFiles": [
            "JcaContentVerfierProviderBuilder.java"
          ],
          "repo": "https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-lts8on/",
          "vendor": "Legion of the Bouncy Castle Inc.",
          "versions": [
            {
              "lessThan": "2.73.11",
              "status": "affected",
              "version": "2.73.7",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nicholas Carlini using Claude, Anthropic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules).\u003cp\u003e This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java.\u003c/p\u003e\u003cp\u003eThis issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11.\u003c/p\u003e"
            }
          ],
          "value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules).\n\n This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java.\n\n\n\nThis issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-18T23:22:57.378Z",
        "orgId": "91579145-5d7b-4cc5-b925-a0262ff19630",
        "shortName": "bcorg"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/bcgit/bc-java/commit/656bae0dbd9b1521f840521ff786e78749fe3057"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "PKIX draft CompositeVerifier accepts empty signature sequence as valid.",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "91579145-5d7b-4cc5-b925-a0262ff19630",
    "assignerShortName": "bcorg",
    "cveId": "CVE-2026-5588",
    "datePublished": "2026-04-15T09:06:15.617Z",
    "dateReserved": "2026-04-04T23:50:59.336Z",
    "dateUpdated": "2026-05-18T23:22:57.378Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-5588",
      "date": "2026-06-19",
      "epss": "0.00259",
      "percentile": "0.17065"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-5588\",\"sourceIdentifier\":\"91579145-5d7b-4cc5-b925-a0262ff19630\",\"published\":\"2026-04-15T10:16:49.597\",\"lastModified\":\"2026-05-19T00:16:37.613\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules).\\n\\n This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java.\\n\\n\\n\\nThis issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"91579145-5d7b-4cc5-b925-a0262ff19630\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"AMBER\"}}]},\"weaknesses\":[{\"source\":\"91579145-5d7b-4cc5-b925-a0262ff19630\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-327\"}]}],\"references\":[{\"url\":\"https://github.com/bcgit/bc-java/commit/656bae0dbd9b1521f840521ff786e78749fe3057\",\"source\":\"91579145-5d7b-4cc5-b925-a0262ff19630\"},{\"url\":\"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588\",\"source\":\"91579145-5d7b-4cc5-b925-a0262ff19630\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-5588\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-15T19:35:32.235455Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-15T13:11:21.652Z\"}}], \"cna\": {\"title\": \"PKIX draft CompositeVerifier accepts empty signature sequence as valid.\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Nicholas Carlini using Claude, Anthropic\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Amber\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/bcgit/bc-java\", \"vendor\": \"Legion of the Bouncy Castle Inc.\", \"modules\": [\"pkix\"], \"product\": \"BC-JAVA\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.67\", \"lessThan\": \"1.80.2\", \"versionType\": \"maven\"}, {\"status\": \"affected\", \"version\": \"1.81\", \"lessThan\": \"1.81.1\", \"versionType\": \"maven\"}, {\"status\": \"affected\", \"version\": \"1.82\", \"lessThan\": \"1.84\", \"versionType\": \"maven\"}], \"platforms\": [\"all\"], \"packageName\": \"bcpkix\", \"programFiles\": [\"JcaContentVerifierProviderBuilder.java\"], \"collectionURL\": \"https://www.bouncycastle.org/download/bouncy-castle-java/\", \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-fips/\", \"vendor\": \"Legion of the Bouncy Castle Inc.\", \"modules\": [\"pkix\"], \"product\": \"BCPKIX-FIPS\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.6\", \"lessThan\": \"2.0.11\", \"versionType\": \"maven\"}, {\"status\": \"affected\", \"version\": \"2.1.7\", \"lessThan\": \"2.1.11\", \"versionType\": \"maven\"}], \"platforms\": [\"All\"], \"packageName\": \"bcpkix\", \"programFiles\": [\"JcaContentVerifierProviderBuilder.java\"], \"collectionURL\": \"https://www.bouncycastle.org/download/bouncy-castle-java-fips/\", \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-lts8on/\", \"vendor\": \"Legion of the Bouncy Castle Inc.\", \"modules\": [\"pkix\"], \"product\": \"BCPIX-LTS\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.73.7\", \"lessThan\": \"2.73.11\", \"versionType\": \"maven\"}], \"platforms\": [\"All\"], \"packageName\": \"bcpkix\", \"programFiles\": [\"JcaContentVerfierProviderBuilder.java\"], \"collectionURL\": \"https://www.bouncycastle.org/download/bouncy-castle-java-lts/\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/656bae0dbd9b1521f840521ff786e78749fe3057\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules).\\n\\n This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java.\\n\\n\\n\\nThis issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules).\u003cp\u003e This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java.\u003c/p\u003e\u003cp\u003eThis issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-327\", \"description\": \"CWE-327 Use of a Broken or Risky Cryptographic Algorithm\"}]}], \"providerMetadata\": {\"orgId\": \"91579145-5d7b-4cc5-b925-a0262ff19630\", \"shortName\": \"bcorg\", \"dateUpdated\": \"2026-05-18T23:22:57.378Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-5588\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-18T23:22:57.378Z\", \"dateReserved\": \"2026-04-04T23:50:59.336Z\", \"assignerOrgId\": \"91579145-5d7b-4cc5-b925-a0262ff19630\", \"datePublished\": \"2026-04-15T09:06:15.617Z\", \"assignerShortName\": \"bcorg\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2026-1129

Vulnerability from csaf_certbund - Published: 2026-04-15 22:00 - Updated: 2026-06-10 22:00

Summary

Bouncy Castle BC-JAVA: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Bouncy Castle ist eine Kryptographie-API für Java.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Bouncy Castle BC-JAVA ausnutzen, um kryptografische Sicherheitsvorkehrungen zu umgehen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme: - Linux - MacOS X - Sonstiges - UNIX - Windows

CVE-2025-14813

Affected products

Known affected 10 products

Product	Identifier	Version
Open Source DBeaver <26.0.4 Open Source / DBeaver		<26.0.4
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Apache Camel for Spring Boot Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot`	Apache Camel for Spring Boot
Red Hat OpenShift Dev Spaces <3.28.0 Red Hat / OpenShift		Dev Spaces <3.28.0
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Network Manager IP Edition 4.2.0 IBM / Tivoli Network Manager	`cpe:/a:ibm:tivoli_network_manager:ip_edition_4.2.0`	IP Edition 4.2.0
Open Source Bouncy Castle <1.84 Open Source / Bouncy Castle		<1.84
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Open Source Keycloak <26.6.2 Open Source / Keycloak		<26.6.2

CVE-2026-0636

Affected products

Known affected 10 products

Product	Identifier	Version
Open Source DBeaver <26.0.4 Open Source / DBeaver		<26.0.4
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Apache Camel for Spring Boot Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot`	Apache Camel for Spring Boot
Red Hat OpenShift Dev Spaces <3.28.0 Red Hat / OpenShift		Dev Spaces <3.28.0
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Network Manager IP Edition 4.2.0 IBM / Tivoli Network Manager	`cpe:/a:ibm:tivoli_network_manager:ip_edition_4.2.0`	IP Edition 4.2.0
Open Source Bouncy Castle <1.84 Open Source / Bouncy Castle		<1.84
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Open Source Keycloak <26.6.2 Open Source / Keycloak		<26.6.2

CVE-2026-3505

Affected products

Known affected 10 products

Product	Identifier	Version
Open Source DBeaver <26.0.4 Open Source / DBeaver		<26.0.4
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Apache Camel for Spring Boot Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot`	Apache Camel for Spring Boot
Red Hat OpenShift Dev Spaces <3.28.0 Red Hat / OpenShift		Dev Spaces <3.28.0
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Network Manager IP Edition 4.2.0 IBM / Tivoli Network Manager	`cpe:/a:ibm:tivoli_network_manager:ip_edition_4.2.0`	IP Edition 4.2.0
Open Source Bouncy Castle <1.84 Open Source / Bouncy Castle		<1.84
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Open Source Keycloak <26.6.2 Open Source / Keycloak		<26.6.2

CVE-2026-5588

Affected products

Known affected 10 products

Product	Identifier	Version
Open Source DBeaver <26.0.4 Open Source / DBeaver		<26.0.4
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Apache Camel for Spring Boot Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot`	Apache Camel for Spring Boot
Red Hat OpenShift Dev Spaces <3.28.0 Red Hat / OpenShift		Dev Spaces <3.28.0
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Network Manager IP Edition 4.2.0 IBM / Tivoli Network Manager	`cpe:/a:ibm:tivoli_network_manager:ip_edition_4.2.0`	IP Edition 4.2.0
Open Source Bouncy Castle <1.84 Open Source / Bouncy Castle		<1.84
IBM MQ IBM	`cpe:/a:ibm:mq:-`	—
Open Source Keycloak <26.6.2 Open Source / Keycloak		<26.6.2

References

25 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%9…	external
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%9…	external
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%9…	external
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%9…	external
https://github.com/bcgit/bc-java/releases/tag/r1rv84	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://github.com/dbeaver/dbeaver/releases/tag/26.0.4	external
https://access.redhat.com/errata/RHSA-2026:11720	external
https://access.redhat.com/errata/RHSA-2026:11721	external
https://access.redhat.com/errata/RHSA-2026:13631	external
https://access.redhat.com/errata/RHSA-2026:14276	external
https://access.redhat.com/errata/RHSA-2026:14272	external
https://access.redhat.com/errata/RHSA-2026:17668	external
https://www.ibm.com/support/pages/node/7273145	external
https://access.redhat.com/errata/RHSA-2026:18059	external
https://access.redhat.com/errata/RHSA-2026:18054	external
https://access.redhat.com/errata/RHSA-2026:18055	external
https://www.keycloak.org/2026/05/keycloak-2662-released	external
https://access.redhat.com/errata/RHSA-2026:21772	external
https://access.redhat.com/errata/RHSA-2026:24977	external
https://www.ibm.com/support/pages/node/7275937	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Bouncy Castle ist eine Kryptographie-API f\u00fcr Java.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Bouncy Castle BC-JAVA ausnutzen, um kryptografische Sicherheitsvorkehrungen zu umgehen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1129 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1129.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1129 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1129"
      },
      {
        "category": "external",
        "summary": "BouncyCastle Wiki CVE-2025-14813 vom 2026-04-15",
        "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813"
      },
      {
        "category": "external",
        "summary": "BouncyCastle Wiki CVE-2026-0636 vom 2026-04-15",
        "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636"
      },
      {
        "category": "external",
        "summary": "BouncyCastle Wiki CVE-2026-3505 vom 2026-04-15",
        "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%903505"
      },
      {
        "category": "external",
        "summary": "BouncyCastle Wiki CVE-2026-5588 vom 2026-04-15",
        "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-04-15",
        "url": "https://github.com/bcgit/bc-java/releases/tag/r1rv84"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10571-1 vom 2026-04-19",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HGBBPEJ3FFTXLISJLILUZ4P6VWU4FBFE/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1639-1 vom 2026-04-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025753.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21404-1 vom 2026-04-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025782.html"
      },
      {
        "category": "external",
        "summary": "DBeaver Release 26.0.4 vom 2026-05-03",
        "url": "https://github.com/dbeaver/dbeaver/releases/tag/26.0.4"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11720 vom 2026-05-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:11720"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11721 vom 2026-05-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:11721"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13631 vom 2026-05-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:13631"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:14276 vom 2026-05-06",
        "url": "https://access.redhat.com/errata/RHSA-2026:14276"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:14272 vom 2026-05-06",
        "url": "https://access.redhat.com/errata/RHSA-2026:14272"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:17668 vom 2026-05-14",
        "url": "https://access.redhat.com/errata/RHSA-2026:17668"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7273145 vom 2026-05-15",
        "url": "https://www.ibm.com/support/pages/node/7273145"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:18059 vom 2026-05-18",
        "url": "https://access.redhat.com/errata/RHSA-2026:18059"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:18054 vom 2026-05-18",
        "url": "https://access.redhat.com/errata/RHSA-2026:18054"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:18055 vom 2026-05-18",
        "url": "https://access.redhat.com/errata/RHSA-2026:18055"
      },
      {
        "category": "external",
        "summary": "Keycloak 26.6.2 release vom 2026-05-19",
        "url": "https://www.keycloak.org/2026/05/keycloak-2662-released"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21772 vom 2026-05-29",
        "url": "https://access.redhat.com/errata/RHSA-2026:21772"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:24977 vom 2026-06-10",
        "url": "https://access.redhat.com/errata/RHSA-2026:24977"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7275937 vom 2026-06-11",
        "url": "https://www.ibm.com/support/pages/node/7275937"
      }
    ],
    "source_lang": "en-US",
    "title": "Bouncy Castle BC-JAVA: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-10T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-11T11:41:00.824+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1129",
      "initial_release_date": "2026-04-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-19T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-04-28T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-05-03T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-05-04T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-06T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-14T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-17T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-05-18T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-19T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2026-05-28T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-09T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-10T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "13"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM MQ",
            "product": {
              "name": "IBM MQ",
              "product_id": "T021398",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:mq:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "IP Edition 4.2.0",
                "product": {
                  "name": "IBM Tivoli Network Manager IP Edition 4.2.0",
                  "product_id": "T048330",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition_4.2.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Network Manager"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.84",
                "product": {
                  "name": "Open Source Bouncy Castle \u003c1.84",
                  "product_id": "T052875"
                }
              },
              {
                "category": "product_version",
                "name": "1.84",
                "product": {
                  "name": "Open Source Bouncy Castle 1.84",
                  "product_id": "T052875-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.84"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bouncy Castle"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c26.0.4",
                "product": {
                  "name": "Open Source DBeaver \u003c26.0.4",
                  "product_id": "T053463"
                }
              },
              {
                "category": "product_version",
                "name": "26.0.4",
                "product": {
                  "name": "Open Source DBeaver 26.0.4",
                  "product_id": "T053463-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dbeaver:dbeaver:26.0.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DBeaver"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c26.6.2",
                "product": {
                  "name": "Open Source Keycloak \u003c26.6.2",
                  "product_id": "T054335"
                }
              },
              {
                "category": "product_version",
                "name": "26.6.2",
                "product": {
                  "name": "Open Source Keycloak 26.6.2",
                  "product_id": "T054335-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:keycloak:keycloak:26.6.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Keycloak"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Apache Camel for Spring Boot",
                "product": {
                  "name": "Red Hat Enterprise Linux Apache Camel for Spring Boot",
                  "product_id": "T040879",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Dev Spaces \u003c3.28.0",
                "product": {
                  "name": "Red Hat OpenShift Dev Spaces \u003c3.28.0",
                  "product_id": "T054838"
                }
              },
              {
                "category": "product_version",
                "name": "Dev Spaces 3.28.0",
                "product": {
                  "name": "Red Hat OpenShift Dev Spaces 3.28.0",
                  "product_id": "T054838-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:dev_spaces__3.28.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14813",
      "product_status": {
        "known_affected": [
          "T053463",
          "T002207",
          "67646",
          "T040879",
          "T054838",
          "T027843",
          "T048330",
          "T052875",
          "T021398",
          "T054335"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-14813"
    },
    {
      "cve": "CVE-2026-0636",
      "product_status": {
        "known_affected": [
          "T053463",
          "T002207",
          "67646",
          "T040879",
          "T054838",
          "T027843",
          "T048330",
          "T052875",
          "T021398",
          "T054335"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-0636"
    },
    {
      "cve": "CVE-2026-3505",
      "product_status": {
        "known_affected": [
          "T053463",
          "T002207",
          "67646",
          "T040879",
          "T054838",
          "T027843",
          "T048330",
          "T052875",
          "T021398",
          "T054335"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-3505"
    },
    {
      "cve": "CVE-2026-5588",
      "product_status": {
        "known_affected": [
          "T053463",
          "T002207",
          "67646",
          "T040879",
          "T054838",
          "T027843",
          "T048330",
          "T052875",
          "T021398",
          "T054335"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-5588"
    }
  ]
}

WID-SEC-W-2026-1687

Vulnerability from csaf_certbund - Published: 2026-05-26 22:00 - Updated: 2026-05-26 22:00

Summary

IBM License Metric Tool: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff

Severity

Hoch

Notes

Produktbeschreibung: Das IBM License Metric Tool dient der Lizenzverwaltung für IBM Produkte.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM License Metric Tool ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2024-26141

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2024-29371

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2024-34459

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2025-14917

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2025-14923

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2025-62718

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2025-6490

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-0636

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-1561

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-22007

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-22008

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-22013

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-22016

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-22018

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-22021

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-23865

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-23907

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-26961

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-33168

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-33169

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-33170

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-33173

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-33174

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-33176

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-33195

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-33202

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-33929

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-34230

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-34268

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-34282

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-34763

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-34785

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-34786

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-34826

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-34829

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-34830

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-34831

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-35611

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-42033

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-42034

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-42035

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-42036

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-42037

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-42038

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-42039

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-42040

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-42041

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-42042

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-42043

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-42044

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-42264

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-5588

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

CVE-2026-6918

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM License Metric Tool 9.2 IBM / License Metric Tool	`cpe:/a:ibm:license_metric_tool:9.2`	9.2

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7273983	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das IBM License Metric Tool dient der Lizenzverwaltung f\u00fcr IBM Produkte.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM License Metric Tool ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1687 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1687.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1687 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1687"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7273983 vom 2026-05-26",
        "url": "https://www.ibm.com/support/pages/node/7273983"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM License Metric Tool: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2026-05-26T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-27T11:20:42.217+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1687",
      "initial_release_date": "2026-05-26T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-26T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.2",
                "product": {
                  "name": "IBM License Metric Tool 9.2",
                  "product_id": "T031605",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:license_metric_tool:9.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "License Metric Tool"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-26141",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2024-26141"
    },
    {
      "cve": "CVE-2024-29371",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2024-29371"
    },
    {
      "cve": "CVE-2024-34459",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2024-34459"
    },
    {
      "cve": "CVE-2025-14917",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2025-14917"
    },
    {
      "cve": "CVE-2025-14923",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2025-14923"
    },
    {
      "cve": "CVE-2025-62718",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2025-62718"
    },
    {
      "cve": "CVE-2025-6490",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2025-6490"
    },
    {
      "cve": "CVE-2026-0636",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-0636"
    },
    {
      "cve": "CVE-2026-1561",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-1561"
    },
    {
      "cve": "CVE-2026-22007",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-22007"
    },
    {
      "cve": "CVE-2026-22008",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-22008"
    },
    {
      "cve": "CVE-2026-22013",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-22013"
    },
    {
      "cve": "CVE-2026-22016",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-22016"
    },
    {
      "cve": "CVE-2026-22018",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-22018"
    },
    {
      "cve": "CVE-2026-22021",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-22021"
    },
    {
      "cve": "CVE-2026-23865",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-23865"
    },
    {
      "cve": "CVE-2026-23907",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-23907"
    },
    {
      "cve": "CVE-2026-26961",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-26961"
    },
    {
      "cve": "CVE-2026-33168",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-33168"
    },
    {
      "cve": "CVE-2026-33169",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-33169"
    },
    {
      "cve": "CVE-2026-33170",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-33170"
    },
    {
      "cve": "CVE-2026-33173",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-33173"
    },
    {
      "cve": "CVE-2026-33174",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-33174"
    },
    {
      "cve": "CVE-2026-33176",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-33176"
    },
    {
      "cve": "CVE-2026-33195",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-33195"
    },
    {
      "cve": "CVE-2026-33202",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-33202"
    },
    {
      "cve": "CVE-2026-33929",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-33929"
    },
    {
      "cve": "CVE-2026-34230",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-34230"
    },
    {
      "cve": "CVE-2026-34268",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-34268"
    },
    {
      "cve": "CVE-2026-34282",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-34282"
    },
    {
      "cve": "CVE-2026-34763",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-34763"
    },
    {
      "cve": "CVE-2026-34785",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-34785"
    },
    {
      "cve": "CVE-2026-34786",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-34786"
    },
    {
      "cve": "CVE-2026-34826",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-34826"
    },
    {
      "cve": "CVE-2026-34829",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-34829"
    },
    {
      "cve": "CVE-2026-34830",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-34830"
    },
    {
      "cve": "CVE-2026-34831",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-34831"
    },
    {
      "cve": "CVE-2026-35611",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-35611"
    },
    {
      "cve": "CVE-2026-42033",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-42033"
    },
    {
      "cve": "CVE-2026-42034",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-42034"
    },
    {
      "cve": "CVE-2026-42035",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-42035"
    },
    {
      "cve": "CVE-2026-42036",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-42036"
    },
    {
      "cve": "CVE-2026-42037",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-42037"
    },
    {
      "cve": "CVE-2026-42038",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-42038"
    },
    {
      "cve": "CVE-2026-42039",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-42039"
    },
    {
      "cve": "CVE-2026-42040",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-42040"
    },
    {
      "cve": "CVE-2026-42041",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-42041"
    },
    {
      "cve": "CVE-2026-42042",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-42042"
    },
    {
      "cve": "CVE-2026-42043",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-42043"
    },
    {
      "cve": "CVE-2026-42044",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-42044"
    },
    {
      "cve": "CVE-2026-42264",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-42264"
    },
    {
      "cve": "CVE-2026-5588",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-5588"
    },
    {
      "cve": "CVE-2026-6918",
      "product_status": {
        "known_affected": [
          "T031605"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-6918"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-5588 (GCVE-0-2026-5588)

WID-SEC-W-2026-1129

WID-SEC-W-2026-1687

Tags

Sightings

Nomenclature