Vulnerability Description
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://www.codeant.ai/security-research/pac4j-jwt-authentication-bypass-public-
- https://www.pac4j.org/blog/security-advisory-pac4j-jwt-jwtauthenticator.html
- https://www.vulncheck.com/advisories/pac4j-jwt-jwtauthenticator-authentication-b
FAQ
What is CVE-2026-29000?
CVE-2026-29000 is a vulnerability with a CVSS score of 9.1 (CRITICAL). pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authenticati...
How severe is CVE-2026-29000?
CVE-2026-29000 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-29000?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.