Ignore CVE-2026-0636 since it is not applicable

author: Jonatan Rhodin <jonatan.rhodin@mullvad.net> 2026-04-22 11:20:03 +0200
committer: Jonatan Rhodin <jonatan.rhodin@mullvad.net> 2026-04-22 11:20:03 +0200
commit: 3eb31ffa6514d5ad0a4cc326d877b038ba7fc79b (patch)
tree: f7b03f77b17faed7e13b1788df586cd3edb396e4
parent: 0cc91ce3567e410bd20e9d013d9167fad45f2bfd (diff)
download: mullvadvpn-3eb31ffa6514d5ad0a4cc326d877b038ba7fc79b.tar.xz
mullvadvpn-3eb31ffa6514d5ad0a4cc326d877b038ba7fc79b.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml
index fe51b7f6ef..243f137408 100644
--- a/android/gradle/osv-scanner.toml
+++ b/android/gradle/osv-scanner.toml
@@ -120,3 +120,9 @@ reason = "The app does not use dependency directly, it is used by AGP that build
 id = "CVE-2025-48924"  # GHSA-j288-q9x7-2f5v
 ignoreUntil = 2026-08-01
 reason = "The app does not use dependency directly, it is used by AGP that builds the app, no impact on app"
+
+# Bouncy Castle has an LDAP injection
+[[IgnoredVulns]]
+id = "CVE-2026-0636"  # GHSA-c3fc-8qff-9hwx
+ignoreUntil = 2026-08-01
+reason = "The app does not use dependency directly, it is used by AGP that builds the app, no impact on app"
author	Jonatan Rhodin <jonatan.rhodin@mullvad.net>	2026-04-22 11:20:03 +0200
committer	Jonatan Rhodin <jonatan.rhodin@mullvad.net>	2026-04-22 11:20:03 +0200
commit	3eb31ffa6514d5ad0a4cc326d877b038ba7fc79b (patch)
tree	f7b03f77b17faed7e13b1788df586cd3edb396e4
parent	0cc91ce3567e410bd20e9d013d9167fad45f2bfd (diff)
download	mullvadvpn-3eb31ffa6514d5ad0a4cc326d877b038ba7fc79b.tar.xz mullvadvpn-3eb31ffa6514d5ad0a4cc326d877b038ba7fc79b.zip