CVE 9.8 CRITICAL

CVE-2026-9097_CVE-2026-9097

June 2, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revoked or invalidated. Because the revocation check is entirely absent, administrators are unable to terminate active sessions or revoke compromised tokens.

AI Analysis

Unverified JWT token exchange vulnerability in Casdoor

Basic Information

ID CVE-2026-9097

Source certcc

Published May 28, 2026 at 16:29

Modified Jun 2, 2026 at 16:43

Affected Product

Vendor Casdoor

Product Casdoor

Version 2.362.0 and earlier

Affected Versions Casdoor Casdoor 0

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Casdoor

Product Casdoor

Version 2.362.0 and earlier

References

kb.cert.org /vuls/id/780781

{
    "lastseen": "",
    "description": "Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revoked or invalidated. Because the revocation check is entirely absent, administrators are unable to terminate active sessions or revoke compromised tokens.",
    "published": "2026-05-28T16:29:06.752Z",
    "modified": "2026-06-02T16:43:52.777Z",
    "type": "cve",
    "title": "CVE-2026-9097",
    "source": "certcc",
    "references": "https://kb.cert.org/vuls/id/780781",
    "id": "CVE-2026-9097",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Casdoor Casdoor 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Casdoor",
    "version": "2.362.0 and earlier",
    "vendor": "Casdoor",
    "ai_description": "Unverified JWT token exchange vulnerability in Casdoor",
    "ai_severity": "Critical",
    "ai_vendor": "Casdoor",
    "ai_product": "Casdoor",
    "ai_version": "2.362.0 and earlier",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply