A critical vulnerability (CVE-2026-29000) has been disclosed in pac4j-jwt, a widely used Java authentication library. Under impacted conditions, an attacker may be able to bypass authentication entirely and impersonate any user—including administrators. This is an identity-layer vulnerability: if a vulnerable [...]