CVE-2026-5467

Casdoor OAuth Authorization Request redirect

Description

A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products

Vendor	Product	Versions
—	casdoor	2.356.0

References

https://vuldb.com/vuln/355071(vdb-entry, technical-description)
https://vuldb.com/vuln/355071/cti(signature, permissions-required)
https://vuldb.com/submit/781769(third-party-advisory)

CVSS 3.14.3 NONE

CISA KEV❌ No

Actively exploited❌ No

CWECWE-601

PublishedApr 3, 2026

Last enriched3h ago

Trending Score0

Source articles0

Independent0

Info Completeness0/14

Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 3, 2026

Discovered by ZDM

Apr 3, 2026