216.73.217.98

CVE-2026-9096

· Published 28/05/2026 17:16 · Modified 28/05/2026 18:00

Labels: CVE-2026-9096 2026-05-28CVE-2026-9096[email protected]

Essential information

Published
28/05/2026 17:16
Modified
28/05/2026 18:00
Author
Creator
CISA KEV
No
CWE

Description

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse() never reads this field, meaning that time bounds are computed by the library but silently discarded before the user session is issued.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
casdoor / casdoor cpe:2.3:a:casdoor:casdoor:2.362.0:*:*:*:*:*:*:*
casdoor / casdoor cpe:2.3:a:casdoor:casdoor:*:*:*:*:*:*:*:*

References