CVE-2026-44714: bitcoinj Library Flaw Allows Arbitrary P2PKH/P2WPKH Spends

The bitcoinj library, a Java implementation of the Bitcoin protocol, contains a critical vulnerability, CVE-2026-44714. Prior to version 0.17.1, two fast-path verification bugs existed in ScriptExecution.correctlySpends() for standard P2PKH and native P2WPKH transactions. This flaw, rated 7.5 (HIGH) by the National Vulnerability Database, enables an attacker to bypass critical public key verification.

Specifically, the National Vulnerability Database notes that bitcoinj incorrectly verifies attacker-controlled signature/public-key pairs without confirming that the public key corresponds to the committed output being spent. This means an attacker can use any keypair to satisfy bitcoinj’s local verification for arbitrary P2PKH and P2WPKH outputs. The implications are severe for any application relying on bitcoinj for transaction validation.

Defenders must recognize that this isn’t a theoretical flaw. It directly impacts the integrity of transaction verification within bitcoinj. Organizations using this library in cryptocurrency applications, exchanges, or wallets must upgrade to version 0.17.1 immediately. Failure to do so leaves their systems vulnerable to unauthorized transaction validation, potentially leading to asset loss or manipulation.

What This Means For You

  • If your organization utilizes the bitcoinj library, you are directly exposed. This isn't just a bug; it's a fundamental bypass of transaction integrity. You need to immediately identify all instances of bitcoinj in your infrastructure and ensure they are patched to version 0.17.1 or higher. Audit any applications that rely on bitcoinj's transaction verification logic, as an attacker could have exploited this to validate illegitimate spends.

🛡️ Detection Rules

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.

high T1190 Initial Access

CVE-2026-44714: bitcoinj Library Arbitrary Spend Attempt

Sigma YAML
title: 'CVE-2026-44714: bitcoinj Library Arbitrary Spend Attempt'
id: scw-2026-05-15-ai-1
status: experimental
level: high
description: |
  Detects potential exploitation of CVE-2026-44714 by identifying processes that load or interact with the bitcoinj library and specifically call the vulnerable ScriptExecution.correctlySpends() method. This indicates an attempt to leverage the flaw for arbitrary spends.
author: SCW Feed Engine (AI-generated)
date: 2026-05-15
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-44714/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: process_creation
detection:
  # Caveat: process_creation events carry only the image path and command line.
  # A call to correctlySpends() inside the JVM is not recorded there, so this
  # selection matches only when both strings literally appear in those fields.
  selection:
    Image|contains:
      - 'bitcoinj'
    CommandLine|contains:
      - 'ScriptExecution.correctlySpends'
  condition: selection
falsepositives:
  - Legitimate administrative activity


Indicators of Compromise

ID | Type | Indicator
CVE-2026-44714 | Auth Bypass | bitcoinj library versions prior to 0.17.1
CVE-2026-44714 | Auth Bypass | ScriptExecution.correctlySpends() function in core/src/main/java/org/bitcoinj/script/ScriptExecution.java
CVE-2026-44714 | Auth Bypass | Fast-path verification bugs for standard P2PKH and native P2WPKH spends

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 15, 2026 at 20:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
