CVE‐2026‐8149

Title: GCM chunking can lead to bad tag exception on decryption

Issue affecting: BC-LTS 2.73.0 to 2.73.10.

Fixed versions: BC-LTS 2.73.11

Platform affected: Java 8 and later (Intel platforms with AES PAA instructions sets)

Issue shows up intermittently where GCM is invoked for decryption using a combination of update() and then a doFinal(). It is possible to work around it by either using doFinal() only (as the BCJSSE does) or by configuring the module to run in pure Java mode, by setting the system property "org.bouncycastle.native.cpu_variant" to java.

Uh oh!

CVE‐2026‐8149

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally