Authentication bypass in pac4j-jwt via public key

CodeAnt AI researchers have demonstrated that the pac4j-jwt (Java) library improperly verifies JWT signatures, allowing a public key to be used as if it were a private one. The vulnerability, tracked as CVE-2026-29000 (CVSS 10.0), allows an attacker to bypass authentication and issue tokens on behalf of any user, including administrators.
An attacker needs only the public key to generate a token the library accepts as valid and gain full access, without any knowledge of the private key. The issue exists in the default pac4j-jwt configuration and requires no elevated privileges to exploit.
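As an added example (not pac4j code, and not a reconstruction of this CVE's fix), the following Python verifier binds the algorithms it will accept to the kind of key it was configured with, so a deployment that holds only a public key can never accept a symmetric-algorithm token, and alg "none" is rejected for every key kind; the key-kind names, helper functions and test secret are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json

# Algorithms a verifier may accept, keyed by the kind of key it holds.  A public
# key can only check asymmetric signatures; accepting HS* with it would make the
# (non-secret) public key act as an HMAC secret, i.e. a public key used as a private one.
ALLOWED_ALGS = {
    "secret": {"HS256", "HS384", "HS512"},
    "rsa_public": {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"},
    "ec_public": {"ES256", "ES384", "ES512"},
}
HS_DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def check_header(token: str, key_kind: str) -> dict:
    """Parse the JOSE header and enforce the key-kind/alg binding.
    Raises ValueError for malformed tokens, alg "none", or a disallowed alg."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    header = json.loads(_b64url_decode(parts[0]))
    alg = header.get("alg")
    if alg not in ALLOWED_ALGS.get(key_kind, set()):
        raise ValueError(f"alg {alg!r} not permitted for a {key_kind!r} key")
    return header


def verify_hs_token(token: str, secret: bytes) -> dict:
    """Full verification for the shared-secret case: policy check, then HMAC."""
    header = check_header(token, "secret")
    head, payload, sig = token.split(".")
    expected = hmac.new(secret, f"{head}.{payload}".encode(), HS_DIGESTS[header["alg"]]).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("signature mismatch")
    return json.loads(_b64url_decode(payload))


def make_hs_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Constructed helper that mints a shared-secret token for testing."""
    head = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{payload}".encode(), HS_DIGESTS[alg]).digest()
    return f"{head}.{payload}.{_b64url_encode(sig)}"
```

The important path is `check_header` with `key_kind="rsa_public"`: a token whose header says HS256 is refused before any signature arithmetic happens, regardless of what the signature was computed with.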
Vulnerabilities: CVE-2026-29000 (CVSS 10)
Researchers: Amartya Jha
Vendors: Codeant Ai, Pac4J
Products: Pac4J-Jwt
Published: 2026-03-13, 14:54