Which versions of Jwt Attack are affected by CVE-2026-29000?

A critical vulnerability in pac4j-jwt (versions ≤4.5.9) allows attackers to bypass JWT signature verification, potentially enabling unauthorized access to applications that depend on this library for…. A patch is available.

Is there a public PoC exploit available for CVE-2026-29000?

Yes, a public proof-of-concept exploit is available for CVE-2026-29000. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-29000?

Within 24 hours: Inventory all applications using pac4j-jwt and identify those running versions ≤4.5.9; implement network segmentation to restrict access to affected services. Within 7 days: Apply the upgrade to pac4j-jwt 4.5.10 or later once released by the vendor; conduct regression testing in staging environments. Within 30 days: Complete production deployment of patched versions; perform security audit of JWT token handling and review access logs for signs of exploitation.

Jwt Attack CVE-2026-29000

Q: What is the CVSS score of CVE-2026-29000?

CVE-2026-29000 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

CRITICAL

Improper Verification of Cryptographic Signature (CWE-347)

2026-03-04 disclosure@vulncheck.com

GHSA-pm7g-w2cf-q238

Authentication Bypass Jwt Attack

9.3

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

9.3 CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 16, 2026 - 16:22 vuln.today

cvss_changed

CVSS changed

Apr 16, 2026 - 16:22 NVD

9.1 (CRITICAL) 9.3 (CRITICAL)

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

PoC Detected

Mar 10, 2026 - 20:16 vuln.today

Public exploit code

CVE Published

Mar 04, 2026 - 22:16 nvd

CRITICAL 9.1

DescriptionCVE.org

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.

AnalysisAI

JWT authentication bypass in pac4j-jwt before 4.5.9/5.7.9/6.3.3 when processing encrypted JWTs. PoC available.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Obtain server's RSA public key

Delivery

Craft JWE-wrapped PlainJWT with admin claims

Exploit

Submit forged token to JwtAuthenticator

Execution

Bypass signature verification

Impact

Authenticate as administrator

Access

Obtain server's RSA public key

Delivery

Craft JWE-wrapped PlainJWT with admin claims

Exploit

Submit forged token to JwtAuthenticator

Execution

Bypass signature verification

Impact

Authenticate as administrator

Vulnerability AssessmentAI

Exploitation	pac4j-jwt versions prior to 4.5.9, 5.7.9, or 6.3.3 with JwtAuthenticator processing encrypted JWTs. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 9.1. Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	Forge JWT tokens to bypass authentication.
Remediation	Update pac4j-jwt. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all applications using pac4j-jwt and identify those running versions ≤4.5.9; implement network segmentation to restrict access to affected services. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-48558 CRITICAL Act Now POC

9.5 Jun 12

Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke

CVE-2026-10795 HIGH This Week POC

8.1 Jun 11

Remote code execution in UpdraftPlus: WP Backup & Migration Plugin for WordPress (versions ≤1.26.4) allows unauthenticat

CVE-2026-41005 CRITICAL Act Now

9.0 Jun 11

Authentication bypass in Cloud Foundry UAA (User Account and Authentication) versions 2.0.0 through 78.13.0 allows remot

CVE-2026-50010 HIGH This Week

7.5 Jun 12

TLS hostname verification is silently disabled in Netty's netty-handler module for any client built with SslContextBuild

CVE-2026-50634 MEDIUM This Month

6.5 Jun 11

Signature metadata trust bypass in Apache CXF's JwsJsonContainerRequestFilter allows an attacker who can send JWS JSON-s

CVE-2026-29000 vulnerability details – vuln.today

Back