CVE-2026-5467: Casdoor vulnerable to Open Redirect

April 3, 2026 (updated April 10, 2026)

A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

github.com/advisories/GHSA-mj24-pqx2-6788
github.com/casdoor/casdoor
nvd.nist.gov/vuln/detail/CVE-2026-5467
vuldb.com/submit/781769
vuldb.com/vuln/355071
vuldb.com/vuln/355071/cti

Code Behaviors & Features

Detect and mitigate CVE-2026-5467 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →