Skip to main content

Casdoor EUVDEUVD-2026-18658

| CVE-2026-5469 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-04-03 VulDB GHSA-p8c7-hjc4-gwf8
5.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Apr 03, 2026 - 15:00 euvd
EUVD-2026-18658
Analysis Generated
Apr 03, 2026 - 15:00 vuln.today
CVE Published
Apr 03, 2026 - 14:30 nvd
MEDIUM 5.1

DescriptionCVE.org

A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Server-side request forgery in Casdoor 2.356.0 webhook URL handler allows authenticated remote attackers with high privileges to trigger SSRF attacks through webhook URL manipulation, enabling potential access to internal network resources. No public exploit code or active exploitation has been identified; CVSS 5.1 reflects limited confidentiality and integrity impact despite remote network accessibility.

Technical ContextAI

Casdoor's webhook URL handler component fails to properly validate or restrict the destination URLs that can be specified for webhook callbacks. This enables server-side request forgery (CWE-918), a class of vulnerability where an attacker manipulates server-side HTTP requests to access internal resources, bypassing network segmentation and access controls. The vulnerability resides in the webhook configuration mechanism, where user-supplied URLs are processed server-side without adequate sanitization. The affected product is identified via CPE as Casdoor (cpe:2.3:a:n/a:casdoor), with version 2.356.0 explicitly confirmed vulnerable. SSRF vulnerabilities in webhook handlers are particularly dangerous because webhooks inherently require outbound network requests, making legitimate and malicious traffic difficult to distinguish.

RemediationAI

Apply a patched version of Casdoor released after version 2.356.0 once vendor fixes become available. As a temporary mitigation, restrict webhook URL configuration to authenticated high-privilege accounts only, implement network-level restrictions on outbound connections from the Casdoor server to internal IP ranges (RFC 1918 addresses, localhost, 169.254.x.x), and use allowlist-based URL validation to restrict webhook destinations to approved external hosts. Monitor webhook configuration changes and outbound connections for anomalous behavior. Note: the vendor did not respond to early disclosure notifications, so updates may require monitoring Casdoor's public repository or release announcements directly.

CVE-2022-38638 CRITICAL POC
9.1 Sep 09

Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/u

CVE-2024-41657 HIGH POC
8.8 Aug 20

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. Rated high severity (CVSS 8.

CVE-2022-44942 HIGH POC
8.1 Dec 07

Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function.

CVE-2023-34927 MEDIUM POC
6.5 Jun 22

Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-passwo

CVE-2024-41658 MEDIUM POC
6.1 Aug 20

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. Rated medium severity (CVSS

CVE-2026-6815 MEDIUM POC
5.9 May 11

Path traversal in Casdoor's Local File System storage provider allows authenticated administrators to write arbitrary fi

CVE-2026-9097 CRITICAL
9.8 May 28

Token revocation bypass in Casdoor identity management platform (versions 2.362.0 and earlier) allows remote unauthentic

CVE-2026-9094 CRITICAL
9.8 May 28

Cross-organization token exchange in Casdoor versions 2.362.0 and earlier allows remote unauthenticated attackers to esc

CVE-2026-9093 CRITICAL
9.8 May 28

SAML authentication bypass in Casdoor 2.362.0 and earlier allows remote unauthenticated attackers to authenticate as arb

CVE-2026-9092 CRITICAL
9.1 May 28

Account takeover in Casdoor versions 2.362.0 and earlier allows remote unauthenticated attackers to hijack accounts by s

CVE-2026-9098 CRITICAL
9.1 May 28

Authentication bypass in Casdoor 2.362.0 and earlier permits remote attackers controlling a registered upstream Identity

CVE-2026-9090 CRITICAL
9.1 May 28

Authentication bypass in Casdoor identity and access management platform (versions ≤2.362.0) allows remote unauthenticat

Share

EUVD-2026-18658 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy