CVE-2026-9096
| CVSS Score | 7.5 |
| EPSS Score | 0.0% |
| EPSS Percentile | 4th |
Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse() never reads this field, meaning that time bounds are computed by the library but silently discarded before the user session is issued.
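The pattern described above, as an added Go example that is not Casdoor's or gosaml2's code: the types are local stand-ins with assumed names, and the sample timestamps are constructed. It contrasts a session path that never reads the time warning with one that fails closed on it.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Local stand-ins for the library's result types (assumed names, not gosaml2's code).
type WarningInfo struct{ InvalidTime bool }

type AssertionInfo struct {
	NameID      string
	WarningInfo *WarningInfo
}

var ErrTimeBounds = errors.New("assertion outside NotBefore/NotOnOrAfter window")

// evaluate plays the library's role: it computes the time check and only
// reports it as a warning. NotOnOrAfter is exclusive, NotBefore inclusive.
func evaluate(nameID string, notBefore, notOnOrAfter, now time.Time, skew time.Duration) *AssertionInfo {
	tooEarly := now.Add(skew).Before(notBefore)
	tooLate := !now.Add(-skew).Before(notOnOrAfter)
	return &AssertionInfo{NameID: nameID, WarningInfo: &WarningInfo{InvalidTime: tooEarly || tooLate}}
}

// sessionIgnoringWarnings reproduces the reported behaviour: the warning is never read.
func sessionIgnoringWarnings(info *AssertionInfo) (string, error) {
	return info.NameID, nil
}

// sessionEnforcingWarnings fails closed before any session is issued.
func sessionEnforcingWarnings(info *AssertionInfo) (string, error) {
	if info == nil || info.WarningInfo == nil {
		return "", errors.New("no validation result to check")
	}
	if info.WarningInfo.InvalidTime {
		return "", fmt.Errorf("%w (subject %q)", ErrTimeBounds, info.NameID)
	}
	return info.NameID, nil
}

func main() {
	// Constructed sample: a five-minute assertion presented one hour after expiry.
	nb := time.Date(2026, 1, 1, 12, 0, 0, 0, time.UTC)
	info := evaluate("alice", nb, nb.Add(5*time.Minute), nb.Add(65*time.Minute), 30*time.Second)
	fmt.Println(sessionIgnoringWarnings(info))
	fmt.Println(sessionEnforcingWarnings(info))
}
```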
| Vendor | casdoor |
| Product | casdoor |
| Published | May 28, 2026 |
| Last Updated | Jun 2, 2026 |
Affected Versions
Casdoor / Casdoor
0 ≤ 2.362.0