TI Mindmap HUB
Threat Intelligence Report

CVE-2026-29000: Critical Auth Bypass in pac4j-jwt: Full PoC Using Only a Public Key

📅 March 22, 2026 📰 www.codeant.ai 🔍 1 CVE(s) referenced

A critical flaw in pac4j-jwt (CVE-2026-29000, CVSS 10) allows anyone with only the server’s public RSA key to bypass authentication entirely and impersonate any user—including admins—by submitting an unsigned, encrypted JWT, making immediate patching essential.

vendor
CVE-2026-29000

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap
🎯 IOC Extraction
⚔️ MITRE ATT&CK TTPs
📦 STIX 2.1 Bundle