org.pac4j/pac4j-jwt 6.1.0 | Vulnerabilities | Sonatype Guide
pac4j-jwt 6.1.0
Group: org.pac4j
Published: Nov 6, 2024
Registry: maven
Versions: 146
Vulnerabilities: 1
Dependencies: 6
CVE-2026-29000 (CVSS score: 9.1)
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.
Status for this version: affected
Severity: Critical
Published: Mar 5, 2026