CVE-2026-9093

Received Received - Intake

SAML AudienceRestriction Validation Flaw in Casdoor

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: CERT/CC

Description

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/saml_sp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects WarningInfo.NotInAudience. This allows assertions issued for other service providers to be accepted by Casdoor.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-28

Last Modified

2026-05-28

Generated

2026-05-28

EPSS Evaluated

N/A

NVD

CVE-2026-9093

EUVD

EUVD-2026-32945

Affected Vendors & Products

Vendor	Product	Version / Range
casdoor	casdoor	to 2.362.0 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-UNKNOWN

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-9093

SAML AudienceRestriction Validation Flaw in Casdoor

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

Ask Our AI Assistant

EPSS Chart