A critical vulnerability in the widely used Java authentication library pac4j-jwt exposes applications to total authentication bypass, enabling attackers to impersonate any user, including admins. Tracked as CVE-2026-29000, it scores a perfect 10.0 on the CVSS scale, making it one of the most severe flaws in recent open-source history. Remote attackers need only the server’s […] The post Critical pac4j-jwt Authentication Bypass Lets Attackers Impersonate Any User appeared first on Cyber Security News.