CVE-2026-8149: CWE-1068 in Legion of the Bouncy Castle Inc. BC-FJA
CVE-2026-8149 is a medium severity vulnerability in Legion of the Bouncy Castle Inc. 's BC-FJA cryptographic library versions 2. 1. 0 through 2. 1. 2 on Linux x86_64 platforms with AVX and AVX-512f support. The issue affects the program files gcm128w and gcm512w. The vulnerability is classified under CWE-1068. No official patch or remediation guidance has been provided yet, and there are no known exploits in the wild.
AI Analysis
Technical Summary
This vulnerability, identified as CVE-2026-8149, affects the BC-FJA cryptographic library from Legion of the Bouncy Castle Inc., specifically versions 2.1.0 through 2.1.2. It impacts Linux x86_64 systems utilizing AVX and AVX-512f instruction sets and involves the gcm128w and gcm512w program files. The weakness is categorized under CWE-1068, which relates to insufficient protection against certain types of attacks or misuse. The CVSS 4.0 base score is 5.1, indicating a medium severity level. No vendor advisory or patch information is currently available, and no exploits have been reported in the wild.
Potential Impact
The vulnerability could potentially allow an attacker with local access to exploit weaknesses in the affected BC-FJA components, possibly leading to limited impact given the CVSS vector indicates local attack vector and low privileges required. However, no specific impact scenarios or exploitation details are provided. There are no known active exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation has been announced, users should monitor updates from Legion of the Bouncy Castle Inc. and plan to apply any forthcoming patches promptly. No other specific mitigation steps are indicated based on the available information.
CVE-2026-8149: CWE-1068 in Legion of the Bouncy Castle Inc. BC-FJA
Description
CVE-2026-8149 is a medium severity vulnerability in Legion of the Bouncy Castle Inc. 's BC-FJA cryptographic library versions 2. 1. 0 through 2. 1. 2 on Linux x86_64 platforms with AVX and AVX-512f support. The issue affects the program files gcm128w and gcm512w. The vulnerability is classified under CWE-1068. No official patch or remediation guidance has been provided yet, and there are no known exploits in the wild.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability, identified as CVE-2026-8149, affects the BC-FJA cryptographic library from Legion of the Bouncy Castle Inc., specifically versions 2.1.0 through 2.1.2. It impacts Linux x86_64 systems utilizing AVX and AVX-512f instruction sets and involves the gcm128w and gcm512w program files. The weakness is categorized under CWE-1068, which relates to insufficient protection against certain types of attacks or misuse. The CVSS 4.0 base score is 5.1, indicating a medium severity level. No vendor advisory or patch information is currently available, and no exploits have been reported in the wild.
Potential Impact
The vulnerability could potentially allow an attacker with local access to exploit weaknesses in the affected BC-FJA components, possibly leading to limited impact given the CVSS vector indicates local attack vector and low privileges required. However, no specific impact scenarios or exploitation details are provided. There are no known active exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation has been announced, users should monitor updates from Legion of the Bouncy Castle Inc. and plan to apply any forthcoming patches promptly. No other specific mitigation steps are indicated based on the available information.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- bcorg
- Date Reserved
- 2026-05-08T05:23:49.585Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fd8104cbff5d86109f55d2
Added to database: 5/8/2026, 6:21:56 AM
Last enriched: 5/8/2026, 6:36:31 AM
Last updated: 5/8/2026, 10:42:52 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.