Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, with strong consistency, high throughput, and low latency highly scalable streaming data storage features. Apache Pulsar is vulnerable to a data forgery issue, which stems from an error in the processing of JSON Web Token (JWT) based authentication requests, and can be exploited by remote attackers to bypass the authentication process.