CVE-2026-29000

CRITICAL
9.1
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd): Patch available
Analysis Generated: Mar 12, 2026 - 22:05 (vuln.today)
PoC Detected: Mar 10, 2026 - 20:16 (vuln.today): Public exploit code
CVE Published: Mar 04, 2026 - 22:16 (nvd)

Description

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.

Analysis

JWT authentication bypass in pac4j-jwt before 4.5.9/5.7.9/6.3.3 when processing encrypted JWTs. PoC available.


Remediation

Within 24 hours: Inventory all applications using pac4j-jwt and identify those running versions ≤4.5.9; implement network segmentation to restrict access to affected services. Within 7 days: Apply the upgrade to pac4j-jwt 4.5.10 or later once released by the vendor; conduct regression testing in staging environments. …


Priority Score

66
KEV: 0
EPSS: +0.1
CVSS: +46
POC: +20


CVE-2026-29000 vulnerability details – vuln.today
