Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.12 views

CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...

5.3CVSS5.9AI score0.00322EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 6:30 p.m.4 views

GHSA-GV4M-V8C8-HR3G Casdoor allows users to bypass configured MFA requirements

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...

5.3CVSS5.8AI score0.00322EPSS
Exploits0References3
CVE
CVE
added 2026/05/28 4:19 p.m.16 views

CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social-login binding flow that bypasses MFA. The binding-rule path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable, so users authenticating through this path are logged in without MFA enforcement...

5.3CVSS5.9AI score0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 4:19 p.m.10 views

CVE-2026-9091 CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...

5.9AI score0.00322EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 4:19 p.m.10 views

EUVD-2026-32942

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...

5.9AI score0.00322EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44420

Name of the Vulnerable Software and Affected Versions Casdoor versions prior to 2.362.1 Description A logic flaw exists in the social-login binding flow. The binding-rule code path in 'controllers/auth.go' calls the HandleLoggedIn function directly without invoking checkMfaEnable, allowing users ...

5.3CVSS6AI score0.00322EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from logical flaws in the social login binding process, allowing users to...

5.3CVSS5.9AI score0.00322EPSS
Exploits0References2
Rows per page
Query Builder