VYPR

Vendor: Casdoor
Products: 1
CVEs: 23 (23 across products)
Status: Private

Recent CVEs (23)
  • CVE-2026-9097 (Critical), May 28, 2026
    risk 0.64, CVSS 9.8, EPSS 0.00

    Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject…

  • CVE-2026-9094 (Critical), May 28, 2026
    risk 0.64, CVSS 9.8, EPSS 0.00

    Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target…

  • CVE-2026-9093 (Critical), May 28, 2026
    risk 0.64, CVSS 9.8, EPSS 0.00

    In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/saml_sp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects…

  • CVE-2026-9098 (Critical), May 28, 2026
    risk 0.59, CVSS 9.1, EPSS 0.00

    In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or…

  • CVE-2026-9092 (Critical), May 28, 2026
    risk 0.59, CVSS 9.1, EPSS 0.00

    Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the email_verified claim from upstream providers; the idp.UserInfo…

  • CVE-2026-9090 (Critical), May 28, 2026
    risk 0.59, CVSS 9.1, EPSS 0.00

    Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of…

  • CVE-2026-9095 (High), May 28, 2026
    risk 0.53, CVSS 8.1, EPSS 0.00

    Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse() function in object/saml_sp.go calls sp.RetrieveAssertionInfo() and immediately maps the result to a user session. There is no assertion ID cache,…

  • CVE-2026-9096 (High), May 28, 2026
    risk 0.49, CVSS 7.5, EPSS 0.00

    Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse() never reads this field, meaning…

  • CVE-2026-6815 (Medium), May 11, 2026
    risk 0.41, CVSS 5.9, EPSS 0.01

    An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on…

  • CVE-2025-4210 (High), May 2, 2025
    risk 0.41, CVSS 7.3, EPSS 0.02

    A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated…

  • CVE-2025-61524 (High), Oct 8, 2025
    risk 0.40, CVSS 7.2, EPSS 0.01

    An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's permission verification…

  • CVE-2026-9091 (Medium), May 28, 2026
    risk 0.34, CVSS 5.3, EPSS 0.00

    Casdoor versions 2.362.0 and earlier contain a logic flaw in the social-login binding flow that allows users to bypass configured MFA requirements. The binding-rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user…

  • CVE-2024-5587 (Medium), Jun 2, 2024
    risk 0.34, CVSS 5.3, EPSS 0.00

    A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories becoming accessible. It is possible to launch…

  • CVE-2026-5469 (Medium), Apr 3, 2026
    risk 0.31, CVSS 4.7, EPSS 0.00

    A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this…

  • CVE-2026-5467 (Medium), Apr 3, 2026
    risk 0.28, CVSS 4.3, EPSS 0.00

    A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Manipulation of the argument redirect_uri leads to an open redirect. It is possible to launch the attack remotely. The…

  • CVE-2026-5468 (Low), Apr 3, 2026
    risk 0.23, CVSS 3.5, EPSS 0.00

    A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Manipulation of the argument formCss/formCssMobile/formSideHtml results in cross-site scripting. The attack can be initiated remotely. The exploit has been…

  • CVE-2023-34927, Jun 22, 2023
    risk 0.03, CVSS not listed, EPSS 0.03

    Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.

  • CVE-2022-24124, Jan 29, 2022
    risk 0.01, CVSS not listed, EPSS 0.59

    The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.

  • CVE-2024-41658, Aug 20, 2024
    risk 0.00, CVSS not listed, EPSS 0.00

    Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, the purchase URL that is created to generate a WechatPay QR code is vulnerable to reflected XSS. When purchasing an item through Casdoor, the product page…

  • CVE-2024-41657, Aug 20, 2024
    risk 0.00, CVSS not listed, EPSS 0.01

    Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to…