A maximum-severity authentication bypass hit enterprise Java applications. HCL BigFix is the first to be detection-ready. 

Key Takeaways:

  • CVE-2026-29000 is a CVSS 10.0 authentication bypass in pac4j-jwt affecting Java applications across the enterprise. Public exploits exist.
  • Standard vulnerability scanners miss it. The library can be buried within application packages, requiring filesystem-level scanning to detect.
  • HCL BigFix shipped free detection within 72 hours, using the same proven playbook from its 2022 Log4Shell response. No other endpoint platform has announced comparable capability.
  • Detection speed is the differentiator. When the next CVSS 10 drops, will your platform have detection ready in days or weeks?

CVE-2026-29000 is a critical authentication bypass (CVSS 10.0) in the pac4j-jwt Java library, disclosed on March 4, 2026. Attackers with access to a server’s RSA public key can forge JWT tokens and authenticate as any user—including administrators—without credentials. Because pac4j-jwt is often bundled inside WAR files, shaded JARs, and nested dependencies, many organizations won’t know they’re running it. Standard network-based and signature-based scanners cannot detect it. Finding it requires filesystem-level scanning across every endpoint.

HCL BigFix shipped a free detection tool within 72 hours of disclosure. As of this writing, no other endpoint management platform has announced a comparable capability.

What HCL BigFix Shipped and How Fast

On March 7, three days after disclosure, HCL BigFix published a detection methodology on the BigFix Forum, followed by official content on the BES Inventory and License site by March 10. This follows the same Logpresso-based scanning playbook that HCL BigFix used during Log4Shell in 2022: rapid content development, filesystem-level scanning at scale, and centralized result reporting.

| Date | Action |
| --- | --- |
| March 4 | CVE-2026-29000 was publicly disclosed. CVSS 10.0 confirmed. |
| March 7 | The HCL BigFix team published detection methodology and a custom scanner on the BigFix Forum. |
| March 10 | Digitally signed scanner (v3.0.2) hosted at software.bigfix.com. Official Fixlets published. |

  • pac4j-jwt Scanner (v3.0.2): Inspects JAR files across endpoint filesystems to identify vulnerable library versions.
  • HCL BigFix Fixlets: Fixlet 607 is a Task — deploy it first to run the scan and find vulnerable pac4j-jwt versions on endpoints. Fixlet 608 is an Analysis — activate it to report which endpoints are vulnerable, with results visible directly in the BigFix console.
  • Open Source: Full source code at github.com/bigfix/content for review before deployment.
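As an added illustration (not the HCL BigFix scanner or its Fixlet content), the Python below shows what filesystem-level JAR inspection has to do to find pac4j-jwt inside nested archives: open each archive, recurse into the archives it contains, read the Maven pom.properties that a pac4j-jwt build carries, and compare the version against the fixed releases named on this page. The Maven metadata path and the constructed sample WAR are assumptions; the fixed versions 4.5.9, 5.7.9 and 6.3.3 come from the text.

```python
import io
import re
import zipfile

POM_PROPS = "META-INF/maven/org.pac4j/pac4j-jwt/pom.properties"  # standard Maven metadata path
FIXED = {4: (4, 5, 9), 5: (5, 7, 9), 6: (6, 3, 3)}  # first fixed release of each affected line

def parse_version(text):
    """'5.7.8-SNAPSHOT' -> (5, 7, 8); a non-numeric tail is ignored."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_vulnerable(version):
    """True if `version` predates the fixed release of its major line."""
    v = parse_version(version)
    if v is None or v[0] < 4:
        return True  # unparseable (flag for review) or older than every fixed line
    fixed = FIXED.get(v[0])
    if fixed is None:
        return False  # assumption: major lines after 6.x are outside the affected range
    return v < fixed

def scan_archive(data, path):
    """Yield (location, version, vulnerable) for each pac4j-jwt build found, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # suffix says archive, content says otherwise: skip it
    with zf:
        for name in zf.namelist():
            if name == POM_PROPS:
                m = re.search(r"^version=(.*)$", zf.read(name).decode(), re.M)
                ver = m.group(1).strip() if m else ""
                yield (path, ver, is_vulnerable(ver))
            elif name.lower().endswith((".jar", ".war", ".ear", ".zip")):
                yield from scan_archive(zf.read(name), f"{path}!{name}")

def sample_findings():
    """Constructed input: a WAR bundling an outdated and a fixed pac4j-jwt build."""
    def jar(version):  # minimal Maven-style JAR declaring pac4j-jwt `version`
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(POM_PROPS, f"#generated\nversion={version}\nartifactId=pac4j-jwt\n")
        return buf.getvalue()
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/pac4j-jwt-5.7.8.jar", jar("5.7.8"))
        zf.writestr("WEB-INF/lib/pac4j-jwt-6.3.3.jar", jar("6.3.3"))
    return list(scan_archive(war.getvalue(), "app.war"))
```

On a real host the same `scan_archive` call would be fed the bytes of every `.jar`/`.war`/`.ear` found by walking the filesystem; the `path!inner` location string tells the responder which outer package to rebuild.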

An HCL BigFix community member confirmed on March 8 that detection was not yet available in the leading vulnerability management and endpoint security platforms they evaluated. HCL BigFix was already live.

What to Look for in Your Endpoint Platform

Not every endpoint architecture can handle embedded-library threats like this. Here’s what separates platforms that can respond from those that can’t:

| Capability | Common Gap | What HCL BigFix Delivers |
| --- | --- | --- |
| Filesystem Scanning | Network-based or agentless scans cannot inspect JAR contents inside application packages. | Agent-based architecture scans each endpoint’s disk for vulnerable libraries in WAR files, shaded JARs, and nested dependencies. |
| Custom Content Speed | Platforms requiring customers to script their own detection leave a gap during the critical first days. | Digitally signed detection content shipped ahead of other vendors. Community content is available even earlier. |
| Cross-Platform Depth | Single-OS platforms miss Java apps running across mixed environments. | 120+ operating systems. Java runs everywhere—detection must too. |
| Centralized Reporting | Manual aggregation across thousands of endpoints wastes response time. | Results flow directly to the BigFix console. Zero manual aggregation. |
| Air-Gapped Coverage | Cloud-first platforms cannot scan disconnected endpoints. | Continuous management in disconnected environments—critical for regulated industries. |

What Immediate Actions Address CVE-2026-29000?

For HCL BigFix Users

All Organizations

  • Upgrade pac4j-jwt to 4.5.9, 5.7.9, or 6.3.3 immediately. This is the only durable fix.
  • Audit authentication logs for token forgery or unauthorized admin access since March 4, 2026.
  • Watch for anomalous token formats. A JWS has 3 dot-separated segments; a JWE has 5. Unexpected JWE tokens are a red flag.
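An added example (not from the original post) of the token-shape check in the last bullet, run over a few constructed log lines: it extracts bearer tokens, classifies each as JWS (3 segments), JWE (5 segments) or malformed, and reports any token whose shape is not the one the application is expected to issue. The log line format and the tokens are constructed for the example.

```python
import base64
import json
import re

# A bearer token as it appears in an Authorization header or an access-log field.
TOKEN_RE = re.compile(r"Bearer\s+([A-Za-z0-9_\-]+(?:\.[A-Za-z0-9_\-]*){2,})")

def b64url_json(segment):
    """Decode one base64url JOSE segment into a dict, or None if it is not one."""
    try:
        obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
        return obj if isinstance(obj, dict) else None
    except (ValueError, UnicodeDecodeError):
        return None

def classify_token(token):
    """Return ('JWS'|'JWE'|'malformed', header): JWS compact form has 3 segments, JWE has 5."""
    parts = token.split(".")
    header = b64url_json(parts[0])
    if header is None:
        return "malformed", None
    if len(parts) == 3:
        return "JWS", header
    if len(parts) == 5 and "enc" in header:  # a JWE header always names the content encryption
        return "JWE", header
    return "malformed", header

def flag_unexpected(lines, expected="JWS"):
    """Report (line number, kind, alg) for every token whose shape is not what the app issues."""
    findings = []
    for n, line in enumerate(lines, 1):
        for token in TOKEN_RE.findall(line):
            kind, header = classify_token(token)
            if kind != expected:
                findings.append((n, kind, (header or {}).get("alg")))
    return findings

def _seg(obj):
    """Constructed helper: base64url-encode a JSON object as one JOSE segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

SAMPLE_LOG = [  # constructed access-log lines, not real traffic
    f'10.0.0.5 GET /api/me "Bearer {_seg({"alg": "RS256", "typ": "JWT"})}.{_seg({"sub": "alice"})}.c2ln"',
    f'10.0.0.9 GET /admin "Bearer {_seg({"alg": "RSA-OAEP", "enc": "A256GCM"})}.a2V5.aXY.Y3Q.dGFn"',
    '10.0.0.7 GET /api/me "Bearer not.a.token"',
]
```

Running `flag_unexpected(SAMPLE_LOG)` against an application that only ever issues signed tokens returns the JWE on line 2 and the undecodable token on line 3, which is the triage list the bullet asks for.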

Not On HCL BigFix?

  • Learn more and get a CVE-2026-29000 exposure assessment

FAQ

1. What is CVE-2026-29000?

A CVSS 10.0 authentication bypass in the pac4j-jwt Java library. Attackers can forge JWT tokens to impersonate any user, including administrators. Versions before 4.5.9, 5.7.9, and 6.3.3 are affected.

2. How does HCL BigFix detect it?

A custom filesystem scanner, deployed via Fixlet content, scans the file system and inspects JAR files on each endpoint. Results report directly to the BigFix console.

3. Is the detection tool free?

Yes. Available at no additional cost in the BES Inventory and License site.

4. Can other endpoint platforms detect this?

As of March 18, 2026, no other endpoint management platform has published a specific detection tool for CVE-2026-29000. Organizations should verify with their vendor whether filesystem-level JAR scanning is supported.
