14 matches found
Exploit for CVE-2026-29000
Lab Demo CVE-2026-29000: pac4j-jwt Authentication Bypass Mรดi...
Exploit for CVE-2026-29000
CVE-2026-29000: pac4j JWT Authentication Bypass PoC Proof...
Exploit for CVE-2026-29000
๐ CVE-2026-29000 - pac4j-jwt Authentication Bypass Exploit !...
Exploit for CVE-2026-29000
CVE-2026-29000-pac4j-jwt-auth-byp...
Exploit for CVE-2026-29000
cve-2...
Exploit for CVE-2026-29000
CVE-2026-29000 โ pac4j-jwt PlainJWT-in-JWE Authentication Bypa...
Exploit for CVE-2026-29000
CVE-2026-29000 - pac4j-jwt Authentication Bypass PoC Not...
CVE-2026-29000
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...
ba.sake:pac4j-testkit (>=0.1.0 <=0.2.0), com.baomidou:shaun-core (=2.0.0) +5 more potentially affected by CVE-2026-29000 via org.pac4j:pac4j-jwt (>=6.0.3 <=6.2.2)
org.pac4j:pac4j-jwt MAVEN version =6.0.3, =0.1.0, =7.1.0, =7.1.0, =7.3.4 Source cves: CVE-2026-29000 Source advisory: SNYK:JAVA-ORGPAC4J-15428218...
com.efluid.oss:efluid-datagate-app (>=3.1.3 <=6.1.5), com.efluid.oss:efluid-datagate-app-cucumber (>=3.1.3 <=6.1.5) +5 more potentially affected by CVE-2026-29000 via org.pac4j:pac4j-jwt (>=5.0.1 <=5.7.8)
org.pac4j:pac4j-jwt MAVEN version =5.0.1, =3.1.3, =3.1.3, =0.8.0, =0.8.0, =2.0.6, =2.2.1, =2.0.6, =2.1.0 Source cves: CVE-2026-29000 Source advisory: OSV:GHSA-PM7G-W2CF-Q238...
cc.akkaha:asura-play_2.12 (>=0.5.0 <=0.6.0), cc.akkaha:pea_2.12 (>=0.1.0 <=0.7.0) +305 more potentially affected by CVE-2026-29000 via org.pac4j:pac4j-jwt (>=1.8.2 <=4.5.8)
org.pac4j:pac4j-jwt MAVEN version =1.8.2, =0.5.0, =0.1.0, =1.0, =1.0, =1.1, =1.1.0, =1.1.1, =1.1.1, =1.1.1, =1.0.0-beta-21, =1.0.0-beta-21, =1.0.0.RELEASE, =0.2.0, =0.2.0, =0.2.0, =0.9.0 and more Source cves: CVE-2026-29000 Source advisory: OSV:GHSA-PM7G-W2CF-Q238...
ba.sake:pac4j-testkit (>=0.1.0 <=0.2.0), com.github.hiwepy:pac4j-spring-boot-starter (=3.3.x.20241020.RELEASE) +2 more potentially affected by CVE-2026-29000 via org.pac4j:pac4j-jwt (>=6.0.5 <=6.2.2)
org.pac4j:pac4j-jwt MAVEN version =6.0.5, =0.1.0, =7.1.0, =7.1.0, =7.3.4 Source cves: CVE-2026-29000 Source advisory: OSV:GHSA-PM7G-W2CF-Q238...
CVE-2026-29000
creationtimestamp| type| source ---|---|--- 2026-03-04 22:17:34+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgbcrw7c2u2s 2026-03-05 00:43:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgbkx4u4ue2v 2026-03-05 03:00:29+00:00| seen|...
CVE-2026-29000 pac4j-jwt JwtAuthenticator Authentication Bypass
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...