Vulnerability in Bitcoinj Library Affecting P2PKH and P2WPKH Transactions
CVE-2026-44714
7.5 HIGH
What is CVE-2026-44714?
Bitcoinj, a Java implementation of the Bitcoin protocol, contains critical verification flaws in its ScriptExecution.correctlySpends() method. In versions prior to 0.17.1, the fast-path verification for standard P2PKH and native P2WPKH spends does not adequately verify that the public key matches the output being spent. As a result, any attacker-controlled key pair can pass local verification checks, which could lead to unauthorized transactions. The issue is resolved in version 0.17.1.
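The following Python sketch is an added example, not bitcoinj's code: it models the binding between public key and spent output that the description says was inadequately verified. The function names and sample keys are hypothetical and constructed for illustration, and the signature result is passed in as a boolean (`sig_valid`) rather than computed.

```python
import hashlib

def hash160(data: bytes) -> bytes:
    """RIPEMD160(SHA256(data)): the key hash P2PKH and P2WPKH outputs commit to."""
    # Requires an OpenSSL build that exposes ripemd160 through hashlib.
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()

def committed_key_hash(script_pubkey: bytes):
    """Return the 20-byte key hash of a standard output, or None if not fast-path."""
    # P2PKH: OP_DUP OP_HASH160 PUSH20 <hash> OP_EQUALVERIFY OP_CHECKSIG
    if (len(script_pubkey) == 25 and script_pubkey[:3] == b"\x76\xa9\x14"
            and script_pubkey[23:] == b"\x88\xac"):
        return script_pubkey[3:23]
    # Native P2WPKH: OP_0 PUSH20 <hash>
    if len(script_pubkey) == 22 and script_pubkey[:2] == b"\x00\x14":
        return script_pubkey[2:]
    return None

# sig_valid stands for the ECDSA result for `pubkey` over the sighash,
# computed elsewhere (assumption: signature checking is out of scope here).
def signature_only_check(script_pubkey: bytes, pubkey: bytes, sig_valid: bool) -> bool:
    """Model of the flaw: the output being spent is never consulted."""
    return sig_valid

def bound_check(script_pubkey: bytes, pubkey: bytes, sig_valid: bool, h160=hash160) -> bool:
    """Accept only if the key hashes to the output's commitment and the signature verifies."""
    expected = committed_key_hash(script_pubkey)
    if expected is None:
        return False  # not a recognised template: needs full script evaluation
    if h160(pubkey) != expected:
        return False  # key is not the one this output pays to
    return sig_valid

def demo(h160=hash160):
    # Constructed 33-byte stand-ins for compressed public keys (not real keys).
    owner, other = b"\x02" + b"\x11" * 32, b"\x03" + b"\x22" * 32
    p2pkh = b"\x76\xa9\x14" + h160(owner) + b"\x88\xac"
    p2wpkh = b"\x00\x14" + h160(owner)
    return {
        "flawed_accepts_other_key": signature_only_check(p2pkh, other, True),
        "p2pkh_owner": bound_check(p2pkh, owner, True, h160),
        "p2pkh_other": bound_check(p2pkh, other, True, h160),
        "p2wpkh_owner": bound_check(p2wpkh, owner, True, h160),
        "p2wpkh_other": bound_check(p2wpkh, other, True, h160),
    }

if __name__ == "__main__":
    print(demo())
```

A self-consistent signature from an unrelated key is rejected by `bound_check` for both output types, because the key hash is compared against the output before the signature result is considered.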
Affected Version(s)
bitcoinj < 0.17.1
