Return
-
Title
Safeguard Authentication Services (SAS) Impact Analysis for CVE‑2026‑29000 -
Description
This article addresses customer concerns regarding CVE‑2026‑29000, a reported vulnerability in pac4j‑jwt involving the JwtAuthenticator component, which could potentially allow authentication bypass in applications using that library.
After internal review and consultation with SAS engineering, Safeguard Authentication Services (SAS) has been confirmed not affected by this vulnerability. -
Resolution
SAS does not utilize pac4j, pac4j‑jwt, or the
JwtAuthenticatorcomponent in any capacity.
Therefore:- SAS is not exposed to the conditions described in CVE‑2026‑29000.
- No code paths within SAS rely on the vulnerable library.
- No upgrades, patches, or configuration changes are required for SAS customers.
This determination has been validated by One Identity engineering (R&D).