Tag
A public exploit is available for CVE-2026-29000, a critical authentication bypass vulnerability in pac4j's JWT implementation, allowing attackers to forge admin tokens without a valid signature by exploiting flaws in the library's handling of unsigned tokens and JWE-wrapped tokens.