PT-2026-23133 · Unknown · Allauth-Django
Ayato Shitomi +1 · Published 2026-03-05 · Updated 2026-03-09 · CVE-2026-27982
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
django-allauth versions prior to 65.14.1
Description
An open redirect issue exists when SAML IdP-initiated SSO is enabled; this feature is disabled by default. The issue may allow an attacker to redirect users to an arbitrary external website through a crafted URL.
Recommendations
Update to django-allauth version 65.14.1 or later.
Fix
Open Redirect
Affected Products
Allauth-Django