CVE-2026-5469

HIGH WAF: Medium

CVSS 7.2 Published: 2026-04-03

CWE-918

A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

WAF Coverage Analysis

Server-Side Request Forgery (SSRF) Medium WAF Coverage

OWASP: A10:2021 SSRF

934xxx - Node.js / Generic Injection

Affected Software

Vendor	Product	Version
casbin	casdoor	2.356.0

References

vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Permissions Required, VDB Entry)

Back to CVE Database