CVE-2026-9094
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
May 28, 2026
Vendor
unknown
Description
Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This can result in privilege escalation across organizational boundaries.