CVE-2026-5467
Open Redirect in Casdoor 2.356.0 OAuth Authorization Handler
Publication date: 2026-04-03
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| casbin | casdoor | 2.356.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Casdoor version 2.356.0, in the OAuth Authorization Request Handler component. Manipulating the redirect_uri argument results in an open redirect: an attacker can craft a URL that redirects users to a malicious site.
The attack can be launched remotely and the exploit is publicly available. The vendor was informed early but did not respond.
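The following Go example is added here; it is not Casdoor's code and does not come from this advisory. It contrasts a generic weak prefix check on redirect_uri with a strict comparison against the client's registered URIs, which is the usual defence against CWE-601 in an authorization endpoint. The function names, the example.com hosts and the weak check itself are assumptions for illustration, since the page does not describe how Casdoor's validation fails.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// weakCheck (generic illustration, hypothetical) passes any value that merely
// starts with the registered origin string, so look-alike hosts and userinfo pass.
func weakCheck(requested, origin string) bool {
	return strings.HasPrefix(requested, origin)
}

// strictCheck (hypothetical) accepts redirect_uri only when scheme, host, path
// and query equal a registered URI; userinfo, fragments and relative forms fail.
func strictCheck(requested string, registered []string) bool {
	u, err := url.Parse(requested)
	if err != nil || u.Scheme == "" || u.Host == "" || u.User != nil || u.Fragment != "" {
		return false
	}
	for _, r := range registered {
		reg, err := url.Parse(r)
		if err != nil {
			continue // skip a malformed registration instead of matching on it
		}
		if strings.EqualFold(u.Scheme, reg.Scheme) && strings.EqualFold(u.Host, reg.Host) &&
			u.EscapedPath() == reg.EscapedPath() && u.RawQuery == reg.RawQuery {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample registration and requests (example.com placeholders).
	origin := "https://app.example.com"
	registered := []string{"https://app.example.com/callback"}
	for _, in := range []string{
		"https://app.example.com/callback",
		"https://app.example.com.other.example/callback",
		"https://app.example.com@other.example/callback",
		"//other.example/callback",
	} {
		fmt.Printf("%-50s weak=%-5v strict=%v\n", in, weakCheck(in, origin), strictCheck(in, registered))
	}
}
```

A request that fails the strict check should be answered with an error page on the authorization server, not with a redirect to the supplied value.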
How can this vulnerability impact me?
The open redirect vulnerability can be exploited by attackers to redirect users to malicious websites without their knowledge. This can lead to phishing attacks, where users might be tricked into providing sensitive information or downloading malware.
Since the vulnerability requires user interaction (UI:R in CVSS v3.1), the impact depends on users clicking on crafted links. However, it can still undermine user trust and potentially lead to security breaches.