CVE-2026-29000

This repository contains a functional proof-of-concept exploit for CVE-2026-29000, an authentication bypass vulnerability in pac4j-jwt. The exploit crafts a PlainJWT with 'alg: none' and wraps it in a JWE encrypted with the target's public key, bypassing signature verification.

This repository contains a functional proof-of-concept exploit for CVE-2026-29000, an authentication bypass vulnerability in pac4j-jwt. The exploit crafts a PlainJWT with 'alg: none' and wraps it in a JWE encrypted with the target's public key, bypassing signature verification.

This repository contains a functional exploit for CVE-2026-29000, an authentication bypass in pac4j-jwt due to improper handling of JWE-wrapped PlainJWT tokens. It includes a Python-based token forger, a Java PoC, and detailed documentation for operationalizing the exploit.

The repository contains a functional Python script that exploits CVE-2026-29000, an authentication bypass vulnerability in pac4j-jwt. The exploit crafts an unsigned JWT with administrative claims, wraps it in a JWE using the target's public key, and sends it to a protected endpoint to gain unauthorized access.

This repository contains a detailed technical analysis of CVE-2026-29000, an authentication bypass vulnerability in pac4j-jwt. The writeup explains the root cause, which involves improper verification of cryptographic signatures in JWE-wrapped PlainJWT tokens, allowing attackers to bypass signature verification and authenticate as any user.

This repository contains a functional exploit for CVE-2026-29000, an authentication bypass in pac4j-jwt. The exploit forges a valid admin token using only the public key from the /jwks endpoint by creating an unsigned PlainJWT (alg: none) inside a JWE envelope.

This repository contains a functional Rust exploit for CVE-2026-29000, an authentication bypass vulnerability in pac4j-jwt. The exploit crafts a malicious JWT with 'alg: none' nested within an encrypted JWE container, bypassing signature validation.

This repository contains a functional exploit for CVE-2026-29000, an authentication bypass vulnerability in pac4j-jwt. The exploit leverages a JWE (JSON Web Encryption) wrapping a PlainJWT (alg=none) to bypass signature validation, allowing unauthorized access to admin panels.

This repository contains a functional PoC for CVE-2026-29000, demonstrating an authentication bypass in pac4j-jwt by wrapping an unsigned PlainJWT inside a JWE token. The exploit leverages a logic flaw where the server skips signature verification for PlainJWT tokens after decryption.

This PoC exploits CVE-2026-29000 in pac4j-jwt by crafting an unsigned PlainJWT with admin claims, wrapping it in a JWE encrypted with the server's public key, and bypassing signature verification to gain unauthorized access.

This repository contains a functional exploit for CVE-2026-29000, demonstrating an authentication bypass and privilege escalation vulnerability in a JWT-based authentication system. The exploit generates malicious tokens using the target's public key to impersonate users and escalate privileges.

This repository contains a functional Python PoC for CVE-2026-29000, demonstrating an authentication bypass in pac4j JWT module by crafting a malicious JWE token with an unsigned PlainJWT. The exploit leverages incorrect JWT parsing logic to skip signature verification.

This PoC exploits CVE-2026-29000 by forging a JWE token with an 'alg: none' JWT payload, bypassing authentication in pac4j. It uses a public key to encrypt the token while the inner JWT remains unsecured.

This repository contains a functional exploit for CVE-2026-29000, demonstrating an authentication bypass in pac4j-jwt by crafting a PlainJWT with admin claims and wrapping it in a JWE token encrypted with the server's RSA public key.

This repository contains a functional library-level PoC for CVE-2026-29000 in pac4j-jwt, demonstrating an authentication bypass via forged JWT tokens. It tests vulnerable (6.0.3, 6.0.4.1) and patched (6.3.3) versions, showing attacker-controlled subject/role injection.