Skip to main content

Casdoor CVE-2026-6815

| EUVDEUVD-2026-29080 MEDIUM
Path Traversal (CWE-22)
2026-05-11 certcc GHSA-rmxx-v9rj-vpvg
5.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Generated
May 13, 2026 - 15:59 vuln.today
CVSS changed
May 13, 2026 - 15:52 NVD
5.9 (MEDIUM)
CVE Published
May 11, 2026 - 15:20 nvd
MEDIUM 5.9
CVE Published
May 11, 2026 - 15:20 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem, bypassing the application's intended storage sandbox.

AnalysisAI

Path traversal in Casdoor's Local File System storage provider allows authenticated administrators to write arbitrary files to the filesystem by bypassing path sanitization in the storage sandbox. An attacker with administrative privileges can exploit insufficient input validation to create or overwrite files anywhere on the host system. EPSS score of 0.03% indicates minimal real-world exploitation probability despite the moderate CVSS 5.9 score, suggesting the vulnerability requires both authenticated access and administrative privileges that significantly limit practical attack surface.

Technical ContextAI

Casdoor is an open-source identity and access management platform that provides pluggable storage backends, including a Local File System provider for file operations. The vulnerability exists in the Local File System storage module's path handling logic, where user-supplied file paths are not properly sanitized before filesystem operations. This allows classic path traversal techniques (e.g., '../../../') to escape the intended storage directory sandbox. The root cause is insufficient validation against directory traversal sequences in file write operations, classified under path traversal weaknesses. Casdoor versions through 2.328.0 are affected, indicating this is a historical vulnerability in the core storage abstraction layer.

RemediationAI

Upgrade Casdoor to a version newer than 2.328.0 to obtain the path sanitization fix; exact patched version not specified in available references. As an interim workaround, disable the Local File System storage provider and use alternative storage backends (e.g., S3, MinIO, or cloud storage) that are less susceptible to local path traversal, though this changes the storage architecture. Additionally, restrict Local File System storage configuration to users with strict administrative vetting, and apply OS-level filesystem permissions to limit the Casdoor process's write scope to a narrow directory with read-only parent paths to constrain traversal impact. Verify the fix in release notes at https://github.com/casdoor/casdoor/releases once patched versions are released, and test path traversal payloads in staging before production deployment.

CVE-2022-38638 CRITICAL POC
9.1 Sep 09

Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/u

CVE-2024-41657 HIGH POC
8.8 Aug 20

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. Rated high severity (CVSS 8.

CVE-2022-44942 HIGH POC
8.1 Dec 07

Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function.

CVE-2023-34927 MEDIUM POC
6.5 Jun 22

Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-passwo

CVE-2024-41658 MEDIUM POC
6.1 Aug 20

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. Rated medium severity (CVSS

CVE-2026-9097 CRITICAL
9.8 May 28

Token revocation bypass in Casdoor identity management platform (versions 2.362.0 and earlier) allows remote unauthentic

CVE-2026-9094 CRITICAL
9.8 May 28

Cross-organization token exchange in Casdoor versions 2.362.0 and earlier allows remote unauthenticated attackers to esc

CVE-2026-9093 CRITICAL
9.8 May 28

SAML authentication bypass in Casdoor 2.362.0 and earlier allows remote unauthenticated attackers to authenticate as arb

CVE-2026-9092 CRITICAL
9.1 May 28

Account takeover in Casdoor versions 2.362.0 and earlier allows remote unauthenticated attackers to hijack accounts by s

CVE-2026-9098 CRITICAL
9.1 May 28

Authentication bypass in Casdoor 2.362.0 and earlier permits remote attackers controlling a registered upstream Identity

CVE-2026-9090 CRITICAL
9.1 May 28

Authentication bypass in Casdoor identity and access management platform (versions ≤2.362.0) allows remote unauthenticat

CVE-2026-9095 HIGH
8.1 May 28

Authentication bypass in Casdoor (versions ≤2.362.0) allows remote attackers to replay captured SAML assertions to hijac

Share

CVE-2026-6815 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy