CVE 9.8 CRITICAL

CVE-2026-9093_CVE-2026-9093

June 2, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/saml_sp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects WarningInfo.NotInAudience. This allows assertions issued for other service providers to be accepted by Casdoor.

AI Analysis

SAML service provider implementation vulnerability allowing assertions issued for other service providers to be accepted

Basic Information

ID CVE-2026-9093

Source certcc

Published May 28, 2026 at 16:21

Modified Jun 2, 2026 at 16:44

Affected Product

Vendor Casdoor

Product Casdoor

Version 2.362.0 and earlier

Affected Versions Casdoor Casdoor 0

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Casdoor

Product Casdoor

Version 2.362.0 and earlier

References

kb.cert.org /vuls/id/780781

{
    "lastseen": "",
    "description": "In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/saml_sp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects WarningInfo.NotInAudience. This allows assertions issued for other service providers to be accepted by Casdoor.",
    "published": "2026-05-28T16:21:50.192Z",
    "modified": "2026-06-02T16:44:14.889Z",
    "type": "cve",
    "title": "CVE-2026-9093",
    "source": "certcc",
    "references": "https://kb.cert.org/vuls/id/780781",
    "id": "CVE-2026-9093",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Casdoor Casdoor 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Casdoor",
    "version": "2.362.0 and earlier",
    "vendor": "Casdoor",
    "ai_description": "SAML service provider implementation vulnerability allowing assertions issued for other service providers to be accepted",
    "ai_severity": "Critical",
    "ai_vendor": "Casdoor",
    "ai_product": "Casdoor",
    "ai_version": "2.362.0 and earlier",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply