cvedb.io
CVE-2026-9094
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2026-05-28T17:16:34.337 · Last modified 2026-06-17T11:04:49.320

Summary

Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This can result in privilege escalation across organizational boundaries.

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.