CVE-2026-27982
django-allauth has an open redirect vulnerability
Severity: MEDIUM (CVSS 3.1 base score 4.3); EPSS 0.04%
Description
An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.
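The description above concerns an open redirect reached through a crafted URL once SAML IdP-initiated SSO is enabled. As an added illustration (not django-allauth's code and not the actual change shipped in 65.14.1), the Python below shows the generic host-allowlist check a defender applies to any attacker-influenced post-login redirect target before issuing the redirect; the allowlist, the `is_safe_redirect`/`resolve_redirect` helpers and the sample targets are all constructed for this example, and where the target value comes from in a SAML flow is an assumption, not something this page states.

```python
from urllib.parse import urlsplit

# Constructed allowlist of hosts the application may redirect to after login.
ALLOWED_HOSTS = {"app.example.com"}


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` keeps the user on an allowed host.

    Accepts site-relative paths ("/accounts/profile/") and absolute http(s)
    URLs whose host is allowlisted. Rejects scheme-relative URLs ("//evil"),
    backslash variants ("/\\evil"), userinfo tricks ("host@evil") and
    non-http(s) schemes such as javascript:.
    """
    if not target:
        return False
    # Browsers treat backslashes as forward slashes; normalise before parsing
    # so "/\\evil.example" is recognised as the network-path "//evil.example".
    target = target.replace("\\", "/")
    parts = urlsplit(target)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False
    if parts.netloc:
        # Absolute or scheme-relative URL: the parsed hostname (userinfo and
        # port stripped) must be on the allowlist.
        host = parts.hostname
        allowed = {h.lower() for h in allowed_hosts}
        return host is not None and host.lower() in allowed
    # No authority component: accept only a site-relative path beginning with
    # a single slash.
    return target.startswith("/") and not target.startswith("//")


def resolve_redirect(target: str, fallback: str = "/") -> str:
    """Return `target` if it is safe, otherwise the in-app fallback."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    # Constructed sample targets, as an attacker-controlled parameter might
    # carry them; each is resolved to a safe destination.
    for sample in (
        "/accounts/profile/",
        "https://app.example.com/dashboard",
        "https://evil.example/",
        "//evil.example/",
        "/\\evil.example/",
        "https://app.example.com@evil.example/",
        "javascript:alert(1)",
    ):
        print(f"{sample!r:45} -> {resolve_redirect(sample)!r}")
```

The check deliberately parses the URL rather than pattern-matching on a prefix, because a prefix test like `target.startswith("https://app.example.com")` is defeated by `https://app.example.com@evil.example/` and by `https://app.example.com.evil.example/`.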
How to fix CVE-2026-27982
To remediate CVE-2026-27982, upgrade the affected package to one of the fixed versions listed below.
- (package not named on this page): no fix listed
- (package not named on this page): upgrade to 65.14.1 or later
- (package not named on this page): upgrade to 65.14.1 or later
Is CVE-2026-27982 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- (package not named on this page): from 0
- (package not named on this page): from 0, < 65.14.1
- (package not named on this page): from 0, < 65.14.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |