SAML Assertion Processing Flaw in Casdoor
CVE-2026-9093

9.8 CRITICAL

Key Information:

Vendor: Casdoor
Status: Vendor
CVE Published: 28 May 2026

What is CVE-2026-9093?

In Casdoor versions up to and including 2.362.0, the SAML service provider does not validate the AudienceRestriction element of incoming SAML assertions. The buildSp function never sets an AudienceURI on the SAMLServiceProvider struct it builds, and the code that consumes the validated assertion does not check the NotInAudience warning that the SAML library raises when the audience does not match. As a result, an assertion that was issued for a different service provider is accepted as if it were intended for Casdoor, undermining the integrity of the authentication process.
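The check the advisory describes as missing, written out as an added Go example (not Casdoor's or its SAML library's own code): the service provider must compare its own entity ID against every AudienceRestriction in the assertion and reject assertions that omit the element entirely. It assumes the assertion's signature and validity window have already been verified, and the entity IDs are constructed placeholders.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

type assertion struct {
	XMLName    xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
	Conditions *struct {
		AudienceRestrictions []struct {
			Audiences []string `xml:"urn:oasis:names:tc:SAML:2.0:assertion Audience"`
		} `xml:"urn:oasis:names:tc:SAML:2.0:assertion AudienceRestriction"`
	} `xml:"urn:oasis:names:tc:SAML:2.0:assertion Conditions"`
}

// CheckAudience applies SAML 2.0 AudienceRestriction semantics (every restriction must name spEntityID;
// none at all is rejected). Signature and validity-window checks are assumed to have run already.
func CheckAudience(assertionXML []byte, spEntityID string) error {
	var a assertion
	if err := xml.Unmarshal(assertionXML, &a); err != nil {
		return fmt.Errorf("parse assertion: %w", err)
	}
	if a.Conditions == nil || len(a.Conditions.AudienceRestrictions) == 0 {
		return fmt.Errorf("assertion carries no AudienceRestriction")
	}
	for _, ar := range a.Conditions.AudienceRestrictions {
		matched := false
		for _, aud := range ar.Audiences { // any Audience within one restriction suffices
			matched = matched || aud == spEntityID
		}
		if !matched {
			return fmt.Errorf("SP %q is not among audiences %v", spEntityID, ar.Audiences)
		}
	}
	return nil
}

// SampleAssertion builds a constructed, unsigned assertion; an empty audience omits AudienceRestriction.
func SampleAssertion(audience string) []byte {
	body := ""
	if audience != "" {
		body = "<saml:AudienceRestriction><saml:Audience>" + audience + "</saml:Audience></saml:AudienceRestriction>"
	}
	return []byte(`<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0"><saml:Conditions>` + body + `</saml:Conditions></saml:Assertion>`)
}
func main() {
	sp := "https://casdoor.example.com/api/saml/metadata" // constructed SP entity ID
	fmt.Println(CheckAudience(SampleAssertion(sp), sp), CheckAudience(SampleAssertion("https://other-sp.example.net"), sp), CheckAudience(SampleAssertion(""), sp))
}
```

Only the first call returns nil; an assertion scoped to another service provider and one with no AudienceRestriction are both rejected, which is the behaviour the vulnerable buildSp configuration lacked.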

Affected Version(s)

Casdoor, all versions from 0 up to and including 2.362.0

References

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
