CVE-2026-5467

MEDIUM WAF: Medium

CVSS 6.1 Published: 2026-04-03

CWE-601

A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

WAF Coverage Analysis

Open Redirect Medium WAF Coverage

OWASP: A01:2021 Broken Access Control

941xxx - XSS / XXE

Affected Software

Vendor	Product	Version
casbin	casdoor	2.356.0

References

vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Permissions Required, VDB Entry)

Back to CVE Database