1. CVE-2026-5588: Bouncy Castle bcpkix Flaw Accepts Empty Signature Sequences as Valid
A cryptographic vulnerability has been identified in the Bouncy Castle Java library's bcpkix module, enabling the PKIX draft CompositeVerifier to accept empty signature sequences as valid. The flaw, tracked as CVE-2026-5588, affects all versions from 1.49 to 1.84 and carries a CVSS severity score of 6.3 (moderate). Th...