Critical pac4j-jwt Auth Bypass (CVE-2026-29000): What Devs Must Know
A critical authentication bypass vulnerability (CVE-2026-29000) in pac4j-jwt allows attackers to forge valid tokens using only public keys. This CVSS 10-rated flaw affects countless Java applications relying on JWT authentication.
10 min read
|
Mar 09, 2026