pac4j-jwt authentication bypass via JWE-wrapped unsigned tokens
TL;DR — A critical flaw in pac4j-jwt lets attackers forge authentication tokens by wrapping unsigned JWTs in JWE encryption, bypassing signature verification entirely.
What happened
pac4j is a Java security framework that provides authentication and authorization support (including JWT validation) for web applications built on Spring, Play, and other JVM frameworks. CVE-2026-29000 describes a critical authentication bypass in pac4j-jwt's JwtAuthenticator. When processing encrypted JWTs (JWE), an attacker who has the server's RSA public key can craft a JWE-wrapped PlainJWT with arbitrary subject/role claims, bypassing signature verification entirely and authenticating as any user — including administrators.
RSA public keys are, by definition, public. This means the only barrier to exploitation is knowledge that the target uses pac4j-jwt with JWE — making this a CVSS 10.0 (Critical) with trivial exploit prerequisites.
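To show the validation step that matters here, below is an added example (not pac4j's own code) written against Nimbus JOSE+JWT, the library pac4j-jwt builds on. The class name, key handling and the single RSA key pair used for both signing and encryption are assumptions for brevity; the point is that after decrypting a JWE the inner payload must be a signed JWT that verifies, and a null from `toSignedJWT()` is a rejection, not a fallback.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;
import com.nimbusds.jwt.*;
public final class NestedJwtCheck {
    /** Decrypts if needed, then requires a signed inner JWT whose signature verifies with verifyKey. */
    public static JWTClaimsSet verifiedClaims(String token, RSAPrivateKey decryptKey, RSAPublicKey verifyKey)
            throws Exception {
        JWT jwt = JWTParser.parse(token);
        SignedJWT signed;
        if (jwt instanceof EncryptedJWT) {
            EncryptedJWT enc = (EncryptedJWT) jwt;
            enc.decrypt(new RSADecrypter(decryptKey));
            // toSignedJWT() is null when the decrypted payload is an unsigned (plain) JWT. The bug class
            // described above is falling through here and reading enc.getJWTClaimsSet() unverified.
            signed = enc.getPayload().toSignedJWT();
            if (signed == null) {
                throw new SecurityException("JWE payload is not a signed JWT; rejecting token");
            }
        } else if (jwt instanceof SignedJWT) {
            signed = (SignedJWT) jwt;
        } else {
            throw new SecurityException("Unsigned (plain) JWT rejected");
        }
        // Pin the expected algorithm so an unexpected JWS alg cannot be substituted.
        if (!JWSAlgorithm.RS256.equals(signed.getHeader().getAlgorithm())
                || !signed.verify(new RSASSAVerifier(verifyKey))) {
            throw new SecurityException("JWT signature verification failed");
        }
        return signed.getJWTClaimsSet();
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // one key pair for both roles, for brevity only (assumption)
        // Constructed sample: a legitimately signed JWT nested inside a JWE with cty=JWT.
        SignedJWT inner = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256),
                new JWTClaimsSet.Builder().subject("alice").claim("roles", "user").build());
        inner.sign(new RSASSASigner(kp.getPrivate()));
        JWEObject outer = new JWEObject(new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256,
                EncryptionMethod.A256GCM).contentType("JWT").build(), new Payload(inner));
        outer.encrypt(new RSAEncrypter((RSAPublicKey) kp.getPublic()));
        JWTClaimsSet claims = verifiedClaims(outer.serialize(),
                (RSAPrivateKey) kp.getPrivate(), (RSAPublicKey) kp.getPublic());
        System.out.println("accepted subject: " + claims.getSubject());
    }
}
```

A token whose decrypted payload is a plain JWT, or a bare plain JWT, hits one of the two `SecurityException` branches instead of yielding claims.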
Who is impacted
- pac4j-jwt in the following ranges:
| Branch | Affected | Fixed |
|---|---|---|
| 4.x | 4.0 to < 4.5.9 | 4.5.9 |
| 5.x | 5.0 to < 5.7.9 | 5.7.9 |
| 6.x | 6.0 to < 6.3.3 | 6.3.3 |
What to do now
- Follow vendor remediation guidance and apply the latest patched release available at the time of writing.
- If you cannot patch immediately, reduce exposure of services accepting JWE for authentication until patched.
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly; send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
