"has been made available by codeant ai systems affected : - if you use the 4. x line : upgrade to 4. 5. 9 ( or newer ) - if you use the 5. x line : upgrade to 5. 7. 9 ( or newer ) - if you use the 6. x line : upgrade to 6. 3. 3 ( or newer ) risk : government : businesses : home us…"
T1190 Exploit Public-Facing Application
76%
"token with arbitrary claims. (cve-2026-29000) successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to bypass authentication and authenticate as any user (including administrator), with any role, without knowing a single secret. rec…"
T1078.001 Default Accounts
61%
", hosted services, and physical premise controls; frequency; limitations, such as acceptable hours, and excluded attack types; point of contact information; remediation, such as how findings will be routed internally; and retrospective requirements. - safeguard 18.2: perfo…"
T1190 Exploit Public-Facing Application
31%
"a vulnerability in pac4j-jwt (jwtauthenticator) could allow for authentication bypass a vulnerability in pac4j-jwt (jwtauthenticator) could allow for authentication bypass ms-isac advisory number: 2026-019 date(s) issued: 03/05/2026 overview: a vulnerability h…"
Summary
A vulnerability has been discovered in pac4j-jwt (JwtAuthenticator) which could allow for authentication bypass. pac4j-jwt is a Java module within the pac4j security framework designed for generating, validating, and managing JSON Web Tokens (JWT) to secure web applications and services. It supports signed and encrypted tokens, primarily using the Nimbus JOSE+JWT library to handle authentication, profile generation, and signature configuration. Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to bypass authentication and authenticate as any user (including administrator), with any role, without knowing a single secret.