CVE-2026-5469

MEDIUM

Casdoor Webhook URL server-side request forgery

Title source: cna

Description

A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

References (3)

Scores

CVSS v3 4.7
EPSS 0.0004
EPSS Percentile 12.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-918
Status published
Products (3)
None/Casdoor 2.356.0
casbin/casdoor 2.356.0
casdoor/casdoor 0Go
Published Apr 03, 2026
Tracked Since Apr 03, 2026