Ecosystem	Package	Version

Find vulnerabilities. Fix fast with AI.

Search components by package, version, or CVE to get started.

Vulnerabilities

CVE-2026-29000

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.

Published Mar 5, 2026

https://www.vulncheck.com/advisories/pac4j-jwt-jwtauthenticator-authentication-bypass

CVSS ScoreCritical

9.1

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2026-29000

Published Mar 5, 2026

https://www.vulncheck.com/advisories/pac4j-jwt-jwtauthenticator-authentication-bypass

CVSS ScoreCritical

9.1

Ecosystem	Package	Version

CVE-2026-29000 | Sonatype Research | Sonatype Guide

Sonatype Research Data

Explanation: Sonatype's security research team provides comprehensive analysis of this vulnerability, including detailed explanations of the attack vectors, affected code patterns, and real-world exploitation scenarios. This proprietary research helps development teams understand the full scope and impact of the security issue.
Detection: Sonatype has advanced methods and detection techniques to detect whether your applications and infrastructure are affected by this vulnerability. Sonatype's detection guidance includes code patterns to search for, configuration checks to perform, and runtime indicators that signal potential exploitation.
Recommendation: Sonatype provides expert remediation guidance tailored to this specific vulnerability, including mitigation strategies, secure coding practices, and version upgrade recommendations. Sonatype recommendations help you prioritize and implement fixes efficiently while minimizing risk to your applications.