VYPR

Maven package

org.pac4j/pac4j-jwt

pkg:maven/org.pac4j/pac4j-jwt

Vulnerabilities (1)

  • CVE-2026-29000CriMar 4, 2026
    affected >= 6.0.4.1, < 6.3.3fixed 6.3.3

    pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wr