CVE-2026-29000

Source
https://cve.org/CVERecord?id=CVE-2026-29000
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29000.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-29000
Aliases
Published
2026-03-04T21:49:29.340Z
Modified
2026-07-16T03:31:06.024734784Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
pac4j-jwt JwtAuthenticator Authentication Bypass
Details

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.

Database specific
{
    "cwe_ids": [
        "CWE-347"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29000.json",
    "cna_assigner": "VulnCheck"
}
References

Affected packages

Git / github.com/pac4j/pac4j

Affected ranges

Type
GIT
Repo
https://github.com/pac4j/pac4j
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "4.0"
        },
        {
            "fixed": "4.5.9"
        },
        {
            "introduced": "5.0"
        },
        {
            "fixed": "5.7.9"
        },
        {
            "introduced": "6.0"
        },
        {
            "fixed": "6.3.3"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

6.*
6.0.4.1
pac4j-4.*
pac4j-4.0.0
pac4j-4.0.1
pac4j-4.0.2
pac4j-4.0.3
pac4j-4.1.0
pac4j-4.2.0
pac4j-4.3.1
pac4j-4.4.0
pac4j-4.5.0
pac4j-4.5.1
pac4j-4.5.2
pac4j-4.5.3
pac4j-4.5.4
pac4j-4.5.5
pac4j-4.5.6
pac4j-4.5.7
pac4j-4.5.8
pac4j-5.*
pac4j-5.0.0
pac4j-5.0.1
pac4j-5.1.0
pac4j-5.1.1
pac4j-5.1.2
pac4j-5.1.3
pac4j-5.1.4
pac4j-5.1.5
pac4j-parent-5.*
pac4j-parent-5.2.0
pac4j-parent-5.2.1
pac4j-parent-5.3.0
pac4j-parent-5.3.1
pac4j-parent-5.4.0
pac4j-parent-5.4.2
pac4j-parent-5.4.3
pac4j-parent-5.4.4
pac4j-parent-5.4.5
pac4j-parent-5.4.6
pac4j-parent-5.5.0
pac4j-parent-5.6.0
pac4j-parent-5.6.1
pac4j-parent-5.7.0
pac4j-parent-5.7.1
pac4j-parent-5.7.2
pac4j-parent-5.7.3
pac4j-parent-5.7.4
pac4j-parent-5.7.5
pac4j-parent-5.7.6
pac4j-parent-5.7.7
pac4j-parent-5.7.8
pac4j-parent-6.*
pac4j-parent-6.0.0
pac4j-parent-6.0.1
pac4j-parent-6.0.2
pac4j-parent-6.0.3
pac4j-parent-6.0.4
pac4j-parent-6.0.5
pac4j-parent-6.0.6
pac4j-parent-6.1.0
pac4j-parent-6.1.1
pac4j-parent-6.1.2
pac4j-parent-6.1.3
pac4j-parent-6.2.0
pac4j-parent-6.2.1
pac4j-parent-6.2.2
pac4j-parent-6.3.0
pac4j-parent-6.3.1
pac4j-parent-6.3.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29000.json"