Security News

Cybersecurity news aggregator

HIGH Updates Red Hat Errata

RHSA-2026:12267: Important: Red Hat JBoss Enterprise Application Platform 7.4.24 security update

This security update addresses CVE-2026-5598 (CVSS score not provided in the article), a vulnerability in the BouncyCastle library where non-constant time comparisons can lead to private key leakage. The flaw affects Red Hat JBoss Enterprise Application Platform 7.4, and the fix involves upgrading the embedded BouncyCastle library to version 1.84.0 or later, as delivered in the JBoss EAP 7.4.24 asynchronous patch.

Red Hat Product Errata
RHSA-2026:12267 - Security Advisory
Issued: 2026-04-30
Updated: 2026-04-30

Synopsis
Important: Red Hat JBoss Enterprise Application Platform 7.4.24 security update

Type/Severity
Security Advisory: Important

Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.

Security Fix(es):
bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons (CVE-2026-5598)

A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Solution
Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Affected Products
JBoss Enterprise Application Platform 7.4 ELS 7.4 for RHEL 9 x86_64
JBoss Enterprise Application Platform 7.4 ELS 7.4 for RHEL 8 x86_64
JBoss Enterprise Application Platform 7.4 ELS 7.4 for RHEL 7 x86_64

Fixes
BZ - 2458635 - CVE-2026-5598 bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons
JBEAP-32774 - [PST](7.4.z) Upgrade bouncycastle from 1.78.1 to 1.84+

CVEs
CVE-2026-5598

References
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index
https://access.redhat.com/articles/7137599

Updated Packages
Note: More recent versions of these packages may be available.

JBoss Enterprise Application Platform 7.4 ELS 7.4 for RHEL 9
SRPM
eap7-bouncycastle-1.84.0-1.redhat_00001.1.el9eap.src.rpm
x86_64
eap7-bouncycastle-1.84.0-1.redhat_00001.1.el9eap.noarch.rpm
eap7-bouncycastle-mail-1.84.0-1.redhat_00001.1.el9eap.noarch.rpm
eap7-bouncycastle-pg-1.84.0-1.redhat_00001.1.el9eap.noarch.rpm
eap7-bouncycastle-pkix-1.84.0-1.redhat_00001.1.el9eap.noarch.rpm
eap7-bouncycastle-prov-1.84.0-1.redhat_00001.1.el9eap.noarch.rpm
eap7-bouncycastle-util-1.84.0-1.redhat_00001.1.el9eap.noarch.rpm

JBoss Enterprise Application Platform 7.4 ELS 7.4 for RHEL 8
SRPM
eap7-bouncycastle-1.84.0-1.redhat_00001.1.el8eap.src.rpm
x86_64
eap7-bouncycastle-1.84.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-bouncycastle-mail-1.84.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-bouncycastle-pg-1.84.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-bouncycastle-pkix-1.84.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-bouncycastle-prov-1.84.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-bouncycastle-util-1.84.0-1.redhat_00001.1.el8eap.noarch.rpm

JBoss Enterprise Application Platform 7.4 ELS 7.4 for RHEL 7
SRPM
eap7-bouncycastle-1.84.0-1.redhat_00001.1.el7eap.src.rpm
x86_64
eap7-bouncycastle-1.84.0-1.redhat_00001.1.el7eap.noarch.rpm
eap7-bouncycastle-mail-1.84.0-1.redhat_00001.1.el7eap.noarch.rpm
eap7-bouncycastle-pg-1.84.0-1.redhat_00001.1.el7eap.noarch.rpm
eap7-bouncycastle-pkix-1.84.0-1.redhat_00001.1.el7eap.noarch.rpm
eap7-bouncycastle-prov-1.84.0-1.redhat_00001.1.el7eap.noarch.rpm
eap7-bouncycastle-util-1.84.0-1.redhat_00001.1.el7eap.noarch.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
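
A check a patch owner could run after applying this erratum, added here as an example (it is not part of the advisory or of Red Hat tooling): it reads package name/version pairs and flags any eap7-bouncycastle package older than the 1.84.0 build named in the advisory. The function names and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed.

```shell
#!/bin/sh
# Added example: flag eap7-bouncycastle packages below the fixed version.
# FIXED_VERSION is taken from the advisory; all function names are hypothetical.
FIXED_VERSION="1.84.0"

# version_lt A B: succeeds when A is strictly older than B.
# Uses version sort, so 1.9.0 is older than 1.84.0 (a plain string compare
# would get that wrong).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_bouncycastle: reads "name version" lines on stdin, prints one verdict
# per eap7-bouncycastle* package, and returns 1 if any package is below the fix.
audit_bouncycastle() {
    found=0
    while read -r name version; do
        case "$name" in
            eap7-bouncycastle*) ;;
            *) continue ;;   # ignore unrelated packages
        esac
        if version_lt "$version" "$FIXED_VERSION"; then
            echo "VULNERABLE $name $version"
            found=1
        else
            echo "OK $name $version"
        fi
    done
    return "$found"
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
eap7-bouncycastle 1.78.1
eap7-bouncycastle-prov 1.84.0
eap7-wildfly 7.4.23
eap7-bouncycastle-pkix 1.9.0
EOF
}

# On a live RPM-based host, feed the real inventory instead:
#   rpm -qa --qf '%{NAME} %{VERSION}\n' 'eap7-bouncycastle*' | audit_bouncycastle
if [ "${1:-}" = "--demo" ]; then
    sample_inventory | audit_bouncycastle
fi
```

A non-zero exit status means at least one package still needs the update, which makes the function usable as a gate in a patch-compliance job.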
