Maven package
org.pac4j/pac4j-jwt
pkg:maven/org.pac4j/pac4j-jwt
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-29000 | Cri | 9.1 | >= 6.0.4.1, < 6.3.3 | 6.3.3 | Mar 4, 2026 | pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wr |
- affected >= 6.0.4.1, < 6.3.3fixed 6.3.3
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wr