Browse all 4 CVE security advisories affecting pac4j. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pac4j is an open-source Java security framework that provides authentication and authorization for web applications, supporting over 30 integration protocols. Historically, vulnerabilities have included cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, often stemming from improper input validation or insecure default configurations. The framework's modular architecture introduces potential attack surfaces through its numerous connectors. While no major public incidents have been documented, the four recorded CVEs highlight risks in components like OAuth and SAML implementations, emphasizing the need for careful configuration and regular updates when implementing this authentication solution.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40459 | LDAP Injection in PAC4J — PAC4JCWE-90 | 8.1AI | HighAI | 2026-04-17 |
| CVE-2026-40458 | Cross-Site Request Forgery in PAC4J — PAC4JCWE-352 | 6.5AI | MediumAI | 2026-04-17 |
| CVE-2026-29000 | pac4j-jwt JwtAuthenticator Authentication Bypass — pac4j-jwtCWE-347 | 9.1 | Critical | 2026-03-04 |
| CVE-2023-25581 | Deserialization of untrusted data in InternalAttributeHandler in pac4j — pac4jCWE-502 | 9.8AI | CriticalAI | 2024-10-10 |
This page lists every published CVE security advisory associated with pac4j. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.