Home

Description

An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.

PUBLISHED Reserved 2026-02-25 | Published 2026-03-05 | Updated 2026-03-06 | Assigner jpcert




MEDIUM: 4.3CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

URL redirection to untrusted site ('Open Redirect')

Product status

prior to 65.14.1
affected

References

allauth.org/news/2026/02/django-allauth-65.14.1-released/

jvn.jp/en/jp/JVN23669411/

cve.org (CVE-2026-27982)

nvd.nist.gov (CVE-2026-27982)

Download JSON