CVE-2026-5467

MEDIUM

Casdoor OAuth Authorization Request redirect

Title source: cna

Description

A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (3)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/355071

[Signature, Permissions Required] https://vuldb.com/vuln/355071/cti

[Third Party Advisory] https://vuldb.com/submit/781769

Scores

CVSS v3 4.3

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (3)

None/Casdoor 2.356.0

casbin/casdoor 2.356.0

casdoor/casdoor 0Go

Published Apr 03, 2026

Tracked Since Apr 03, 2026