SAML Assertion Processing Flaw in Casdoor
CVE-2026-9093
Severity: 9.8 CRITICAL
What is CVE-2026-9093?
Casdoor versions up to and including 2.362.0 ship a SAML service provider (SP) that never validates the AudienceRestriction element of incoming SAML assertions. The buildSp function does not set an AudienceURI on the SAMLServiceProvider struct it constructs, and the response handling never checks the NotInAudience warning that the SAML library raises when an assertion's audience does not match the SP. With no AudienceURI configured there is nothing for an audience to match, and because the warning is discarded the mismatch has no effect. As a result, an assertion that the identity provider issued for a different service provider is accepted as if it had been addressed to Casdoor: the assertion is trusted on the strength of its signature alone, regardless of which application it was minted for, which undermines the integrity of the authentication process.
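The following Go program is an added example that is not Casdoor's or its SAML library's code. It shows the check the advisory says is missing: a small encoding/xml view of a SAML 2.0 Assertion, a NotInAudience rule that follows SAML Core (every AudienceRestriction must be satisfied, any one Audience within a restriction suffices), and the vulnerable acceptance path beside the fixed one. The entity IDs, the ErrNotInAudience sentinel, the function names and the two assertions are constructed for the example; in the library the page describes, the equivalent fix is to set AudienceURI on the SAMLServiceProvider and to reject the response when the returned WarningInfo.NotInAudience flag is set.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
)

// Entity ID this SP expects in <saml:Audience>. Placeholder for the example;
// a real deployment takes it from the SP metadata it published to the IdP.
const SPEntityID = "https://sp.example.com/saml/metadata"
var ErrNotInAudience = errors.New("assertion audience does not include this service provider")

// Minimal view of a SAML 2.0 Assertion: only what the audience check needs.
type (
	Assertion struct {
		XMLName    xml.Name   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
		Subject    subject    `xml:"urn:oasis:names:tc:SAML:2.0:assertion Subject"`
		Conditions conditions `xml:"urn:oasis:names:tc:SAML:2.0:assertion Conditions"`
	}
	subject struct{ NameID string `xml:"urn:oasis:names:tc:SAML:2.0:assertion NameID"` }
	conditions struct {
		AudienceRestrictions []audienceRestriction `xml:"urn:oasis:names:tc:SAML:2.0:assertion AudienceRestriction"`
	}
	audienceRestriction struct{ Audiences []string `xml:"urn:oasis:names:tc:SAML:2.0:assertion Audience"` }
)

// ParseAssertion unmarshals an Assertion. Signature verification is assumed to
// have run already; it is deliberately out of scope here.
func ParseAssertion(doc []byte) (*Assertion, error) {
	var a Assertion
	if err := xml.Unmarshal(doc, &a); err != nil {
		return nil, fmt.Errorf("parse assertion: %w", err)
	}
	return &a, nil
}

// NotInAudience is true when some AudienceRestriction excludes spEntityID.
// SAML Core 2.5.1.4: every AudienceRestriction must be satisfied (AND); any one
// Audience inside it satisfies it (OR). No restriction at all raises no warning.
func NotInAudience(a *Assertion, spEntityID string) bool {
	for _, ar := range a.Conditions.AudienceRestrictions {
		matched := false
		for _, aud := range ar.Audiences {
			if aud == spEntityID {
				matched = true
				break
			}
		}
		if !matched {
			return true
		}
	}
	return false
}

// AcceptVulnerable models the flawed flow: the audience is never consulted,
// so an assertion minted for a different SP still yields a login.
func AcceptVulnerable(doc []byte) (string, error) {
	a, err := ParseAssertion(doc)
	if err != nil {
		return "", err
	}
	return a.Subject.NameID, nil
}

// AcceptFixed refuses to run without a configured audience (an empty value can
// never match anything) and rejects assertions whose restriction omits this SP.
func AcceptFixed(doc []byte, spEntityID string) (string, error) {
	if spEntityID == "" {
		return "", errors.New("service provider audience is not configured")
	}
	a, err := ParseAssertion(doc)
	if err != nil {
		return "", err
	}
	if NotInAudience(a, spEntityID) {
		return "", ErrNotInAudience
	}
	return a.Subject.NameID, nil
}

// Constructed samples, not captured traffic: same subject, only the audience
// differs. ForeignAssertion is what the IdP would issue for another application.
var OwnAssertion = []byte(`<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
 <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://sp.example.com/saml/metadata</saml:Audience></saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>`)

var ForeignAssertion = []byte(`<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a2" Version="2.0">
 <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://other-app.example.com/saml/metadata</saml:Audience></saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>`)

func main() {
	v, _ := AcceptVulnerable(ForeignAssertion)
	_, err := AcceptFixed(ForeignAssertion, SPEntityID)
	fmt.Printf("foreign assertion: vulnerable path logs in %q, fixed path returns: %v\n", v, err)
}
```

The empty-audience guard in AcceptFixed matters as much as the comparison itself: the advisory's root cause is an unset AudienceURI, and a check that silently compares against an empty string is indistinguishable from no check. Deployments that want to be stricter than the SAML core rule can additionally reject assertions that carry no AudienceRestriction at all, since an IdP that omits it is issuing bearer assertions any relying party could consume.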
Affected Version(s)
Casdoor, all versions up to and including 2.362.0
