The Inventory team has published custom signatures to BigFix.me as well. These can be imported into BigFix Inventory to detect instances of the vulnerable pac4j-jwt, as well as newer instances that have been corrected already.
Detection through BigFix Inventory allows customers to perform detections while leveraging existing inclusion/exclusion and scan throttling configurations.
Please see the post at How to Use BigFix Inventory to Discover Endpoints Affected by pac4j-jwt (CVE-2026-29000) for details.