Django Allauth Security Risk: Malicious Redirects via SAML SSO

DEBIAN-CVE-2026-27982
Summary

Django Allauth versions before 65.14.1 contain an open redirect: when SAML IdP-initiated SSO is enabled (it is off by default), a crafted URL can send users to an arbitrary external site, for example a phishing page posing as the real one. Update to version 65.14.1 or later to fix this issue.

What to do

No fixed Debian package is listed yet; check with your software vendor for updates. Upstream django-allauth fixed the issue in version 65.14.1.

Affected software
Vendor | Product        | Affected versions | Fix available
debian | django-allauth | All versions      |
Original title
An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users t...
Original description
An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.
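The defence against this class of bug is to treat any post-login destination supplied from outside (in an IdP-initiated SAML flow, typically the RelayState value) as untrusted and only honour it when it points back at your own host. The validator below is an added illustration of that check, not django-allauth's code or its fix; the allowed host and default landing page are assumed values.

```python
from __future__ import annotations

from urllib.parse import urlsplit

# Constructed for the example: hosts this deployment serves and the
# fallback landing page used when an externally supplied target is rejected.
ALLOWED_HOSTS = {"sso.example.org"}
DEFAULT_AFTER_LOGIN = "/accounts/profile/"


def is_safe_redirect(url: str, allowed_hosts: set[str]) -> bool:
    """Return True only if `url` keeps the user on one of `allowed_hosts`.

    Rejects absolute URLs to other hosts, protocol-relative URLs
    (//evil.example), backslash variants that browsers normalise to "//",
    non-http(s) schemes, userinfo tricks (https://ours@evil.example) and
    URLs containing whitespace or control characters.
    """
    if not url or url != url.strip():
        return False
    if "\\" in url or any(c in url for c in "\r\n\t"):
        return False
    parts = urlsplit(url)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False
    if parts.netloc:
        # Absolute (or protocol-relative) URL: require an explicit http(s)
        # scheme and a hostname we own. `hostname` already strips userinfo
        # and port, so "ours@evil.example" resolves to "evil.example".
        return parts.scheme in ("http", "https") and parts.hostname in allowed_hosts
    # Relative target: a single leading "/" keeps it on the current origin.
    return url.startswith("/") and not url.startswith("//")


def post_login_redirect(relay_state: str | None,
                        allowed_hosts: set[str] = ALLOWED_HOSTS) -> str:
    """Choose where to send the user after an IdP-initiated SAML login.

    The IdP-supplied RelayState can be attacker-influenced, so it is used
    only when it validates as on-site; otherwise the fixed default wins.
    """
    if relay_state and is_safe_redirect(relay_state, allowed_hosts):
        return relay_state
    return DEFAULT_AFTER_LOGIN
```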
Source: osv · CVSS 3.1 score: 6.1
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026