Description
Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This can result in privilege escalation across organizational boundaries.
References (1)
Core 1
Core References
Scores
EPSS
0.0002
EPSS Percentile
4.5%
Details
Status
published
Products (1)
Casdoor/Casdoor
< 2.362.0
Published
May 28, 2026
Tracked Since
May 28, 2026