CVE-2026-9096
Casdoor SAML Assertion Time Validation Bypass
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: CERT/CC
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| casdoor | casdoor | up to 2.362.0 (excluding) |
| gosaml2 | gosaml2 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Casdoor versions 2.362.0 and earlier, where the system does not properly enforce SAML assertion time bounds. Although the gosaml2 library evaluates the NotOnOrAfter and NotBefore conditions and reports the result in the assertionInfo.WarningInfo field, the Casdoor function ParseSamlResponse() never reads this field. As a result, the time bounds are computed but ignored, and user sessions are issued without verifying whether the SAML assertion is within its valid time window.
How can this vulnerability impact me?
Because Casdoor does not enforce the time validity of SAML assertions, an attacker could potentially use expired or not-yet-valid assertions to gain unauthorized access. This could lead to unauthorized user sessions being created, compromising the security of the system and potentially allowing attackers to impersonate users or access sensitive information.
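Added example, not Casdoor's or gosaml2's code: it mirrors the two halves of the check described above, computing the NotBefore/NotOnOrAfter window the way the library does and then enforcing the resulting InvalidTime flag before a session is issued. The WarningInfo/AssertionInfo stand-in types, the clock-skew allowance and the sample assertion are assumptions constructed for this example.

```go
package main

import (
	"encoding/xml"
	"errors"
	"time"
)

// Minimal view of the Conditions element of a SAML 2.0 assertion (built for this example).
type samlAssertion struct {
	Conditions struct {
		NotBefore    string `xml:"NotBefore,attr"`
		NotOnOrAfter string `xml:"NotOnOrAfter,attr"`
	} `xml:"Conditions"`
}
// Stand-ins for the gosaml2 AssertionInfo/WarningInfo types named in the advisory (assumed shape).
type WarningInfo struct{ InvalidTime bool }
type AssertionInfo struct{ WarningInfo *WarningInfo }
// Constructed sample assertion (not from a real IdP), valid for a five-minute window.
const sampleAssertion = `<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions NotBefore="2026-05-28T12:00:00Z" NotOnOrAfter="2026-05-28T12:05:00Z"/>
</saml:Assertion>`
// timeWindowValid applies the SAML rule (NotBefore <= now < NotOnOrAfter) with a skew allowance; this is the computation whose result the library reports as InvalidTime.
func timeWindowValid(raw []byte, now time.Time, skew time.Duration) (bool, error) {
	var a samlAssertion
	if err := xml.Unmarshal(raw, &a); err != nil {
		return false, err
	}
	if nb := a.Conditions.NotBefore; nb != "" {
		t, err := time.Parse(time.RFC3339, nb)
		if err != nil || now.Add(skew).Before(t) {
			return false, err // not yet valid (or unparseable)
		}
	}
	if noa := a.Conditions.NotOnOrAfter; noa != "" {
		t, err := time.Parse(time.RFC3339, noa)
		if err != nil || !now.Add(-skew).Before(t) {
			return false, err // expired (or unparseable); NotOnOrAfter is exclusive
		}
	}
	return true, nil
}
// issueSession is the step the advisory says ParseSamlResponse() omits: read WarningInfo and refuse a session when the time check failed.
func issueSession(info *AssertionInfo) error {
	if info == nil || (info.WarningInfo != nil && info.WarningInfo.InvalidTime) {
		return errors.New("saml: assertion outside its NotBefore/NotOnOrAfter window")
	}
	return nil
}
```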