A critical security flaw in the popular Java authentication library pac4j-jwt allows attackers to completely bypass authentication and impersonate any user, including administrators. Tracked as CVE-2026-29000, this vulnerability carries a maximum CVSS score of 10.0 and requires nothing more than the server’s public RSA key to successfully exploit.”‹ Their automated tools and security engineers found […] The post Critical pac4j-jwt Authentication Bypass Vulnerability Allows Attackers to Impersonate Any User appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/critical-pac4j-jwt-authentication-bypass-vulnerability-allows-attackers-to-impersonate-any-user/
