Server-Side Request Forgery in Casdoor Webhook URL Handler
CVE-2026-5469

5.1MEDIUM

Key Information:

Vendor

Casdoor

Status
Casdoor
Vendor
CVE Published:
3 April 2026

What is CVE-2026-5469?

A vulnerability has been found in the Casdoor Webhook URL Handler, specifically in version 2.356.0. This weakness allows an attacker to manipulate the component, potentially enabling server-side request forgery. Such an attack can be executed remotely, posing a significant risk to the server's integrity and security. Despite early disclosure attempts, the vendor has yet to respond regarding this issue.

Affected Version(s)

Casdoor 2.356.0

References

https://vuldb.com/vuln/355073
vdb-entry
https://vuldb.com/vuln/355073/cti
signaturepermissions-required
https://vuldb.com/submit/781771
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ghufran Khan (VulDB User)
VulDB CNA Team
.