1. Critical Pac4j-JWT Flaw (CVE-2026-29000) Exposes Authentication Bypass Risk
A critical security vulnerability in the widely used pac4j-jwt library allows attackers to forge authentication tokens and bypass signature verification entirely. Designated CVE-2026-29000, the flaw resides in the JwtAuthenticator component when processing encrypted JWTs. An attacker in possession of the server's RSA p...