CVE 9.8 CRITICAL

CVE-2026-9094_CVE-2026-9094

June 2, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This can result in privilege escalation across organizational boundaries.

AI Analysis

Cross-organization token exchange vulnerability in Casdoor

Basic Information

ID CVE-2026-9094

Source certcc

Published May 28, 2026 at 16:25

Modified Jun 2, 2026 at 16:44

Affected Product

Vendor Casdoor

Product Casdoor

Version 2.362.0 and earlier

Affected Versions Casdoor Casdoor 0

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Casdoor

Product Casdoor

Version 2.362.0 and earlier

References

kb.cert.org /vuls/id/780781

{
    "lastseen": "",
    "description": "Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This can result in privilege escalation across organizational boundaries.",
    "published": "2026-05-28T16:25:09.055Z",
    "modified": "2026-06-02T16:44:07.685Z",
    "type": "cve",
    "title": "CVE-2026-9094",
    "source": "certcc",
    "references": "https://kb.cert.org/vuls/id/780781",
    "id": "CVE-2026-9094",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Casdoor Casdoor 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Casdoor",
    "version": "2.362.0 and earlier",
    "vendor": "Casdoor",
    "ai_description": "Cross-organization token exchange vulnerability in Casdoor",
    "ai_severity": "Critical",
    "ai_vendor": "Casdoor",
    "ai_product": "Casdoor",
    "ai_version": "2.362.0 and earlier",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply