Cyber Posture

CVE-2026-29000

Critical · Public PoC

Published: 04 March 2026
Modified: 16 April 2026
KEV Added: (none)
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0009 (25.3rd percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Security Summary

CVE-2026-29000, published on 2026-03-04, is an authentication bypass vulnerability (CWE-347) in the JwtAuthenticator component of pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3. The flaw occurs when processing encrypted JWTs (JWE), enabling attackers to forge authentication tokens. It carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high confidentiality and integrity impacts.

Remote attackers who possess the server's RSA public key can exploit this by creating a JWE-wrapped PlainJWT with arbitrary subject and role claims. This bypasses signature verification, allowing authentication as any user, including administrators, without requiring privileges or user interaction.
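The check that closes this class of bypass is applied after the JWE has been decrypted: the nested token must itself be a signed JWS with an approved algorithm, so an unsigned PlainJWT is refused no matter what claims it carries. The following is an added illustration of that gate, not pac4j's code or its actual fix; it uses HS256 as a stand-in for the RSA-based algorithms the advisory concerns, and the key and tokens are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
ALLOWED_SIGNATURE_ALGS = {"HS256"}  # demo allowlist; "none" is deliberately absent
class TokenRejected(Exception): pass

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))
def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_inner_token(inner, hmac_key):
    """Gate for the plaintext recovered from a JWE (the nested token): only a
    3-segment JWS with an approved alg and a verifying signature passes; a
    PlainJWT (alg "none", empty signature) is rejected before claims are read."""
    parts = inner.split(".")
    if len(parts) != 3:  # also rejects a JWE (5 segments) nested inside a JWE
        raise TokenRejected("inner token is not a JWS compact serialization")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except (ValueError, UnicodeDecodeError) as exc:
        raise TokenRejected("malformed JOSE header") from exc
    alg = header.get("alg")
    if alg not in ALLOWED_SIGNATURE_ALGS:
        raise TokenRejected(f"alg {alg!r} is not an approved signature algorithm")
    expected = hmac.new(hmac_key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise TokenRejected("inner token signature does not verify")
    return json.loads(b64url_decode(parts[1]))

def make_test_token(claims, hmac_key=None):
    """Constructed test vectors: unsigned (alg none) without a key, else an HS256 JWS."""
    alg = "HS256" if hmac_key else "none"
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = b64url_encode(hmac.new(hmac_key, f"{head}.{body}".encode(), hashlib.sha256).digest()) if hmac_key else ""
    return f"{head}.{body}.{sig}"

def demo():
    """Returns (unsigned_vector_rejected, subject_read_from_signed_vector)."""
    key = b"constructed-demo-key"  # constructed; a real deployment uses its signing key
    try:
        verify_inner_token(make_test_token({"sub": "admin", "roles": ["admin"]}), key)
        rejected = False
    except TokenRejected:
        rejected = True
    return rejected, verify_inner_token(make_test_token({"sub": "alice"}, key), key)["sub"]
```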

Advisories recommend upgrading to pac4j-jwt versions 4.5.9, 5.7.9, or 6.3.3 to mitigate the vulnerability. Additional details are available in security notices from CodeAnt AI (https://www.codeant.ai/security-research/pac4j-jwt-authentication-bypass-public-key), the pac4j project (https://www.pac4j.org/blog/security-advisory-pac4j-jwt-jwtauthenticator.html), and VulnCheck (https://www.vulncheck.com/advisories/pac4j-jwt-jwtauthenticator-authentication-bypass).

Details

CWE(s): CWE-347

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1606 Forge Web Credentials (Credential Access): Adversaries may forge credential materials that can be used to gain access to web applications or Internet services.
T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability enables remote exploitation of a public-facing authentication component (T1190), forging JWT authentication tokens using the public key (T1606), resulting in privilege escalation from no privileges to administrator (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
