CVE-2026-9092 — Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without — CVE Database · The Intelligence Room