PT-2026-44422 · Casdoor · Casdoor

·

CVE-2026-9093

·

Published

2026-05-28

·

Updated

2026-07-07

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Casdoor versions prior to 2.362.1
Description The SAML service provider implementation fails to validate the AudienceRestriction element in SAML assertions. This occurs because the buildSp() function in object/saml sp.go does not set the AudienceURI on the gosaml2 SAMLServiceProvider struct and ignores WarningInfo.NotInAudience. Consequently, the system may accept assertions intended for other service providers.
Recommendations Update Casdoor to version 2.362.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-9093
GHSA-3W4H-G9F5-J84P
GO-2026-5894

Affected Products

Casdoor