๐Ÿ” CVE Alert

CVE-2026-27982

MEDIUM 4.3
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.

Vendor allauth
Product django-allauth
Published Mar 5, 2026
Last Updated Mar 6, 2026
Stay Ahead of the Next One

Get instant alerts for allauth django-allauth

Be the first to know when new medium vulnerabilities affecting allauth django-allauth are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Versions

allauth / django-allauth
prior to 65.14.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
allauth.org: https://allauth.org/news/2026/02/django-allauth-65.14.1-released/ jvn.jp: https://jvn.jp/en/jp/JVN23669411/