CVE-2026-29000

This repository contains a functional proof-of-concept exploit for CVE-2026-29000, an authentication bypass vulnerability in pac4j-jwt. The exploit crafts a PlainJWT with 'alg: none' and wraps it in a JWE encrypted with the target's public key, bypassing signature verification.

This repository contains a functional exploit for CVE-2026-29000, which leverages a vulnerability in pac4j-jwt where an unsigned JWT (alg=none) wrapped in a JWE is accepted as valid. The exploit fetches the server's RSA public key from a JWKS endpoint, crafts an unsigned JWT with arbitrary claims, and encrypts it into a JWE that the server will trust.

This repository contains a functional exploit for CVE-2026-29000, which targets pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3. The exploit forges an unsigned JWT (alg=none) and wraps it in a JWE encrypted with the server's RSA public key, bypassing authentication.

This repository contains a functional Python script that exploits CVE-2026-29000, an authentication bypass vulnerability in pac4j-jwt. The exploit generates a malicious JWT token by wrapping an unsigned token in a JWE, which bypasses signature verification due to improper cryptographic validation.

This repository contains a functional exploit for CVE-2026-29000, which targets pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3. The exploit demonstrates an authentication bypass by wrapping an unsigned JWT (alg=none) inside a JWE encrypted with the server's RSA public key.

This repository contains a functional proof-of-concept exploit for CVE-2026-29000, an authentication bypass vulnerability in pac4j-jwt. The exploit crafts a PlainJWT with 'alg: none' and wraps it in a JWE encrypted with the target's public key, bypassing signature verification.

This repository contains a functional exploit for CVE-2026-29000, an authentication bypass in pac4j-jwt due to improper handling of JWE-wrapped PlainJWT tokens. It includes a Python-based token forger, a Java PoC, and detailed documentation for operationalizing the exploit.

This repository contains a functional exploit PoC for CVE-2026-29000, demonstrating an authentication bypass in pac4j-jwt via JWE signature validation circumvention. It includes vulnerable and patched implementations, a lab environment, and a token forging endpoint to exploit the flaw.

This repository contains a functional exploit for CVE-2026-29000, demonstrating an authentication bypass in pac4j JWT implementation by crafting an unsigned JWT with arbitrary claims and wrapping it in a JWE token using the server's public key.

This repository contains a functional exploit for CVE-2026-29000, an authentication bypass vulnerability in pac4j-jwt. The exploit forges a JWE-wrapped PlainJWT using only the server's RSA public key, allowing an attacker to authenticate as any user with arbitrary roles without requiring a private key or signature verification.

This repository contains a functional exploit for CVE-2026-29000, targeting the pac4j-jwt library. The exploit automates the process of extracting the server's public JWKS key, forging a JWT with 'alg: none', encrypting it into a JWE using the server's public key, and achieving authentication bypass to gain administrative privileges.

This repository provides a detailed technical walkthrough of exploiting CVE-2026-29000 in pac4j-jwt v6.0.3, including JWT authentication bypass, API enumeration, and SSH CA private key abuse for privilege escalation.

The repository contains a functional exploit for CVE-2026-29000, which leverages a vulnerability in pac4j-jwt where an unsigned PlainJWT (alg=none) is accepted if wrapped inside a JWE. The exploit fetches the server's RSA public key from a JWKS endpoint, forges an unsigned JWT with arbitrary claims, encrypts it into a JWE, and outputs the token for use in authentication bypass.

This repository contains a functional Python exploit for CVE-2026-29000, an authentication bypass vulnerability in the pac4j-jwt library. The exploit crafts a JWE-wrapped JWT with arbitrary roles using the 'none' algorithm and a public RSA key fetched from an exposed endpoint, granting admin-level access without authentication.

The repository contains a functional Python script that exploits CVE-2026-29000, an authentication bypass vulnerability in pac4j-jwt. The exploit crafts an unsigned JWT with administrative claims, wraps it in a JWE using the target's public key, and sends it to a protected endpoint to gain unauthorized access.

This repository contains a detailed technical analysis of CVE-2026-29000, an authentication bypass vulnerability in pac4j-jwt. The writeup explains the root cause, which involves improper verification of cryptographic signatures in JWE-wrapped PlainJWT tokens, allowing attackers to bypass signature verification and authenticate as any user.

This repository contains a functional exploit for CVE-2026-29000, an authentication bypass in pac4j-jwt. The exploit forges a valid admin token using only the public key from the /jwks endpoint by creating an unsigned PlainJWT (alg: none) inside a JWE envelope.

This repository contains a functional Rust exploit for CVE-2026-29000, an authentication bypass vulnerability in pac4j-jwt. The exploit crafts a malicious JWT with 'alg: none' nested within an encrypted JWE container, bypassing signature validation.

This repository contains a functional exploit for CVE-2026-29000, an authentication bypass vulnerability in pac4j-jwt. The exploit leverages a JWE (JSON Web Encryption) wrapping a PlainJWT (alg=none) to bypass signature validation, allowing unauthorized access to admin panels.

This repository contains a functional PoC for CVE-2026-29000, demonstrating an authentication bypass in pac4j-jwt by wrapping an unsigned PlainJWT inside a JWE token. The exploit leverages a logic flaw where the server skips signature verification for PlainJWT tokens after decryption.

This PoC exploits CVE-2026-29000 in pac4j-jwt by crafting an unsigned PlainJWT with admin claims, wrapping it in a JWE encrypted with the server's public key, and bypassing signature verification to gain unauthorized access.

This repository contains a functional exploit for CVE-2026-29000, demonstrating an authentication bypass and privilege escalation vulnerability in a JWT-based authentication system. The exploit generates malicious tokens using the target's public key to impersonate users and escalate privileges.

This repository contains a functional Python PoC for CVE-2026-29000, demonstrating an authentication bypass in pac4j JWT module by crafting a malicious JWE token with an unsigned PlainJWT. The exploit leverages incorrect JWT parsing logic to skip signature verification.

This PoC exploits CVE-2026-29000 by forging a JWE token with an 'alg: none' JWT payload, bypassing authentication in pac4j. It uses a public key to encrypt the token while the inner JWT remains unsecured.

This repository contains a functional exploit for CVE-2026-29000, demonstrating an authentication bypass in pac4j-jwt by crafting a PlainJWT with admin claims and wrapping it in a JWE token encrypted with the server's RSA public key.

This repository contains a functional library-level PoC for CVE-2026-29000 in pac4j-jwt, demonstrating an authentication bypass via forged JWT tokens. It tests vulnerable (6.0.3, 6.0.4.1) and patched (6.3.3) versions, showing attacker-controlled subject/role injection.