PT-2026-44423 · Casdoor · Casdoor

David Lie +4 · Published 2026-05-28 · Updated 2026-05-29 · CVE-2026-9094

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Casdoor versions prior to 2.362.1

Description: An issue allows cross-organization token exchange. The GetTokenExchangeToken() function in object/token oauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application, potentially leading to privilege escalation across organizational boundaries.

Recommendations: Update to a version later than 2.362.0. As a temporary workaround, restrict access to the GetTokenExchangeToken() function until the update is applied.
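Added example, not Casdoor's own code: a constructed Go token-exchange routine that puts the signature-only gate the advisory describes beside a version with the organization check. The token format, key, and the names MintToken, ExchangeVulnerable, ExchangeFixed and ErrCrossOrganization are assumptions; an HMAC over "owner/name" stands in for Casdoor's JWT validation.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"strings"
)
// Constructed token format: "<owner>/<name>.<hmac-sha256 hex>", a stand-in for
// a signed JWT; "owner/name" follows the shape of Casdoor user identifiers.
var ErrBadSignature = errors.New("invalid token signature")
var ErrCrossOrganization = errors.New("token user is outside the application's organization")

func sign(key []byte, payload string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(payload))
	return hex.EncodeToString(m.Sum(nil))
}

func MintToken(key []byte, owner, name string) string {
	p := owner + "/" + name
	return p + "." + sign(key, p)
}

// verify checks the signature only, not which application may consume the token.
func verify(key []byte, token string) (string, error) {
	p, sig, _ := strings.Cut(token, ".")
	if !hmac.Equal([]byte(sign(key, p)), []byte(sig)) {
		return "", ErrBadSignature
	}
	return p, nil
}

// ExchangeVulnerable mirrors the flaw: a valid signature is the only gate.
func ExchangeVulnerable(key []byte, token, appOrg string) (string, error) {
	return verify(key, token)
}

// ExchangeFixed adds the organization boundary check the advisory describes.
func ExchangeFixed(key []byte, token, appOrg string) (string, error) {
	user, err := verify(key, token)
	if err != nil {
		return "", err
	}
	if owner, _, _ := strings.Cut(user, "/"); owner == "" || owner != appOrg {
		return "", ErrCrossOrganization
	}
	return user, nil
}
```

A token minted for a user in one organization passes ExchangeVulnerable against an application in another organization, and is rejected by ExchangeFixed with ErrCrossOrganization while same-organization exchange still succeeds.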

Fix

Related Identifiers

CVE-2026-9094

Affected Products

Casdoor