CVE-2026-9093 in Casdoorinfo

Zusammenfassung

von MITRE • 28.05.2026

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/saml_sp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects WarningInfo.NotInAudience. This allows assertions issued for other service providers to be accepted by Casdoor.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Certcc

Reservieren

20.05.2026

Veröffentlichung

28.05.2026

Moderieren

akzeptiert

Eintrag

VDB-366817

CPE

bereit

CWE

CWE-863 (bestätigt)

CVSS

5.5 (VulDB)

EPSS

0.00054

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-9093
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-9093
CVE Details	https://www.cvedetails.com/cve/CVE-2026-9093/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!