A critical security flaw in the popular Java authentication library pac4j-jwt allows attackers to completely bypass authentication and impersonate any user, including administrators. Tracked as CVE-2026-29000, this vulnerability carries a maximum CVSS score of 10.0 and requires nothing more than the server’s public RSA key to successfully exploit.​ Their automated tools and security engineers found […]

The post Critical pac4j-jwt Authentication Bypass Vulnerability Allows Attackers to Impersonate Any User appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.