Pac4j-jwt Product Security Update Advisory (CVE-2026-29000)

Mar 09 2026

Overview

PAC4J-JWT has released a security update to address a vulnerability in our its product. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2026-29000

pac4j-jwt version: 4.x
pac4j-jwt version: 5.x
pac4j-jwt version: 6.x

Resolved Vulnerabilities

Authentication bypass vulnerability in pac4j-jwt (CVE-2026-29000)

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest version of Vulnerability Patches.

CVE-2026-29000

pac4j-jwt version: 4.5.9 or later
pac4j-jwt version: 5.7.9 or later
pac4j-jwt version: 6.3.3 and later

References

[1] Security advisory for pac4j-jwt (JwtAuthenticator)
https://www.pac4j.org/blog/security-advisory-pac4j-jwt-jwtauthenticator.html

Pac4j-jwt Product Security Update Advisory (CVE-2026-29000)

Google Chrome browser (145.0.7632.159/160) security update advisory

Microsoft Edge browser (145.0.7632.159/160) version security update advisory

Tags:

Google Chrome browser (145.0.7632.159/160) security update advisory

Microsoft Edge browser (145.0.7632.159/160) version security update advisory