Detections
Analytics

Pac4J JWT < 4.5.9 / 5.x < 5.7.9 / 6.x < 6.3.3 Authentication Bypass (CVE-2026-29000) (Direct Check)

critical Nessus Plugin ID 303225

Synopsis

The remote host has a library that is affected by an authentication bypass vulnerability.

Description

The version of Pac4J JWT installed on the remote host is affected by an authentication bypass vulnerability.

 - pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators. (CVE-2026-29000)

Solution

Upgrade Pac4J JWT to version 4.5.9, 5.7.9, 6.3.3, or later based on the installed version branch.

See Also

http://www.nessus.org/u?f5e6e5b4

http://www.nessus.org/u?d8eb8dc2

http://www.nessus.org/u?d5374434

http://www.nessus.org/u?032b047b

http://www.nessus.org/u?43c4f2ad

Plugin Details

Severity: Critical

ID: 303225

File Name: pac4j_jwt_authentication_bypass_cve-2026-29000.nbin

Version: 1.1

Type: remote

Family: Web Servers

Published: 3/20/2026

Updated: 3/20/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.9

CVSS v2

Risk Factor: High

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2026-29000

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Information

CPE: cpe:/a:pac4j:pac4j-jwt

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 3/2/2026

Vulnerability Publication Date: 3/4/2026

Reference Information

CVE: CVE-2026-29000